From 0e96c1877464f0e232ce2b9ca03dbec46b55464b Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Tue, 17 Oct 2023 09:56:41 -0700 Subject: [PATCH] [8.6] [DOCS] Remove OAS API previews (#168761) (#169145) # Backport This will backport the following commits from `main` to `8.6`: - [[DOCS] Remove OAS API previews (#168761)](https://github.com/elastic/kibana/pull/168761) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) --- docs/api-generated/README.md | 42 - .../cases/case-apis-passthru.asciidoc | 2952 ----------------- docs/api-generated/cases/case-apis.asciidoc | 10 - .../connector-apis-passthru.asciidoc | 2318 ------------- .../connectors/connector-apis.asciidoc | 10 - .../ml-apis-passthru.asciidoc | 205 -- .../machine-learning/ml-apis.asciidoc | 10 - .../rules/rule-apis-passthru.asciidoc | 2601 --------------- docs/api-generated/rules/rule-apis.asciidoc | 10 - docs/api-generated/template/index.mustache | 170 - .../actions-and-connectors/create.asciidoc | 2 +- .../actions-and-connectors/delete.asciidoc | 2 +- .../actions-and-connectors/execute.asciidoc | 2 +- docs/api/actions-and-connectors/get.asciidoc | 2 +- .../actions-and-connectors/get_all.asciidoc | 2 +- docs/api/actions-and-connectors/list.asciidoc | 2 +- .../actions-and-connectors/update.asciidoc | 2 +- docs/api/alerting/create_rule.asciidoc | 2 +- docs/api/alerting/delete_rule.asciidoc | 2 +- docs/api/alerting/disable_rule.asciidoc | 2 +- docs/api/alerting/enable_rule.asciidoc | 2 +- docs/api/alerting/find_rules.asciidoc | 2 +- docs/api/alerting/get_rules.asciidoc | 2 +- docs/api/alerting/health.asciidoc | 2 +- docs/api/alerting/list_rule_types.asciidoc | 2 +- docs/api/alerting/mute_alert.asciidoc | 2 +- docs/api/alerting/mute_all_alerts.asciidoc | 2 +- docs/api/alerting/unmute_alert.asciidoc | 2 +- docs/api/alerting/unmute_all_alerts.asciidoc | 2 +- docs/api/alerting/update_rule.asciidoc | 2 +- docs/api/cases/cases-api-add-comment.asciidoc | 2 +- docs/api/cases/cases-api-create.asciidoc | 2 +- .../api/cases/cases-api-delete-cases.asciidoc | 2 +- .../cases/cases-api-delete-comments.asciidoc | 2 +- docs/api/cases/cases-api-find-cases.asciidoc | 2 +- .../cases/cases-api-find-connectors.asciidoc | 2 +- docs/api/cases/cases-api-get-alerts.asciidoc | 2 +- .../cases-api-get-case-activity.asciidoc | 2 +- docs/api/cases/cases-api-get-case.asciidoc | 2 +- .../cases-api-get-cases-by-alert.asciidoc | 2 +- .../api/cases/cases-api-get-comments.asciidoc | 2 +- .../cases-api-get-configuration.asciidoc | 2 +- .../cases/cases-api-get-reporters.asciidoc | 2 +- docs/api/cases/cases-api-get-status.asciidoc | 2 +- docs/api/cases/cases-api-get-tags.asciidoc | 2 +- docs/api/cases/cases-api-push.asciidoc | 2 +- .../cases-api-set-configuration.asciidoc | 2 +- .../cases/cases-api-update-comment.asciidoc | 2 +- .../cases-api-update-configuration.asciidoc | 2 +- docs/api/cases/cases-api-update.asciidoc | 2 +- docs/api/machine-learning/sync.asciidoc | 2 +- docs/apis.asciidoc | 17 - docs/index.asciidoc | 2 - docs/redirects.asciidoc | 6 + 54 files changed, 47 insertions(+), 8388 deletions(-) delete mode 100644 docs/api-generated/README.md delete mode 100644 docs/api-generated/cases/case-apis-passthru.asciidoc delete mode 100644 docs/api-generated/cases/case-apis.asciidoc delete mode 100644 docs/api-generated/connectors/connector-apis-passthru.asciidoc delete mode 100644 docs/api-generated/connectors/connector-apis.asciidoc delete mode 100644 docs/api-generated/machine-learning/ml-apis-passthru.asciidoc delete mode 100644 docs/api-generated/machine-learning/ml-apis.asciidoc delete mode 100644 docs/api-generated/rules/rule-apis-passthru.asciidoc delete mode 100644 docs/api-generated/rules/rule-apis.asciidoc delete mode 100644 docs/api-generated/template/index.mustache delete mode 100644 docs/apis.asciidoc diff --git a/docs/api-generated/README.md b/docs/api-generated/README.md deleted file mode 100644 index 97a94e512e5c6..0000000000000 --- a/docs/api-generated/README.md +++ /dev/null @@ -1,42 +0,0 @@ -# OpenAPI (Experimental) - -Open API specifications (OAS) exist in JSON or YAML format for some Kibana features, -though they are experimental and may be incomplete or change later. - -A preview of the API specifications can be added to the Kibana Guide by using -the following process: - -. Install [OpenAPI Generator](https://openapi-generator.tech/docs/installation), -or a similar tool that can generate HTML output from OAS. - -. Optionally validate the specifications by using the commands listed in the appropriate readmes. - -. Generate HTML output. For example: - - ``` - openapi-generator-cli generate -g html -i $GIT_HOME/kibana/x-pack/plugins/alerting/docs/openapi/bundled.yaml -o $GIT_HOME/kibana/docs/api-generated/rules -t $GIT_HOME/kibana/docs/api-generated/template - - openapi-generator-cli generate -g html -i $GIT_HOME/kibana/x-pack/plugins/cases/docs/openapi/bundled.yaml -o $GIT_HOME/kibana/docs/api-generated/cases -t $GIT_HOME/kibana/docs/api-generated/template - - openapi-generator-cli generate -g html -i $GIT_HOME/kibana/x-pack/plugins/actions/docs/openapi/bundled.yaml -o $GIT_HOME/kibana/docs/api-generated/connectors -t $GIT_HOME/kibana/docs/api-generated/template - - openapi-generator-cli generate -g html -i $GIT_HOME/kibana/x-pack/plugins/ml/common/openapi/ml_apis_v3.yaml -o $GIT_HOME/kibana/docs/api-generated/machine-learning -t $GIT_HOME/kibana/docs/api-generated/template - ``` - -. Rename the output files. For example: - ``` - mv $GIT_HOME/kibana/docs/api-generated/rules/index.html $GIT_HOME/kibana/docs/api-generated/rules/rule-apis-passthru.asciidoc - mv $GIT_HOME/kibana/docs/api-generated/cases/index.html $GIT_HOME/kibana/docs/api-generated/cases/case-apis-passthru.asciidoc - mv $GIT_HOME/kibana/docs/api-generated/connectors/index.html $GIT_HOME/kibana/docs/api-generated/connectors/connector-apis-passthru.asciidoc - mv $GIT_HOME/kibana/docs/api-generated/machine-learning/index.html $GIT_HOME/kibana/docs/api-generated/machine-learning/ml-apis-passthru.asciidoc - ``` - -. If you're creating a new set of API output, you will need to have a page that incorporates the output by using passthrough blocks. For more information, refer to [Asciidoctor docs](https://docs.asciidoctor.org/asciidoc/latest/pass/pass-block/) - -. Verify the output by building the Kibana documentation. At this time, the output is added as a technical preview in the appendix. - -## Known issues - -- Some OAS 3.0 features such as `anyOf`, `oneOf`, and `allOf` might not display properly in the preview. These are on the [Short-term roadmap](https://openapi-generator.tech/docs/roadmap/) at this time. - - diff --git a/docs/api-generated/cases/case-apis-passthru.asciidoc b/docs/api-generated/cases/case-apis-passthru.asciidoc deleted file mode 100644 index b95159d606ab1..0000000000000 --- a/docs/api-generated/cases/case-apis-passthru.asciidoc +++ /dev/null @@ -1,2952 +0,0 @@ -//// -This content is generated from the open API specification. -Any modifications made to this file will be overwritten. -//// - -++++ -
-

Access

-
    -
  1. APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
  2. -
  3. HTTP Basic Authentication
  4. -
- -

Methods

- [ Jump to Models ] - -

Table of Contents

-
-

Cases

- - -

Cases

-
-
- Up -
post /s/{spaceId}/api/cases/{caseId}/comments
-
Adds a comment or alert to a case. (addCaseComment)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
add_case_comment_request add_case_comment_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
post /s/{spaceId}/api/cases
-
Creates a case. (createCase)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're creating.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
create_case_request create_case_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
delete /s/{spaceId}/api/cases
-
Deletes one or more cases. (deleteCase)
-
You must have read or all privileges and the delete sub-feature privilege for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — default: null
- -
- -

Query parameters

-
-
ids (required)
- -
Query Parameter — The cases that you want to removed. All non-ASCII characters must be URL encoded. default: null
-
- - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
delete /s/{spaceId}/api/cases/{caseId}/comments/{commentId}
-
Deletes a comment or alert from a case. (deleteCaseComment)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
- -
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
delete /s/{spaceId}/api/cases/{caseId}/comments
-
Deletes all comments and alerts from a case. (deleteCaseComments)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}/comments
-
Retrieves all the comments from a case. (getAllCaseComments)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}
-
Retrieves information about a case. (getCase)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
includeComments (optional)
- -
Query Parameter — Determines whether case comments are returned. default: true
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}/user_actions
-
Returns all user activity for a case. (getCaseActivity)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "action_id" : "22fd3e30-03b1-11ed-920c-974bfa104448",
-  "case_id" : "22df07d0-03b1-11ed-920c-974bfa104448",
-  "action" : "create",
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "comment_id" : "578608d0-03b1-11ed-920c-974bfa104448",
-  "type" : "create_case",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}/alerts
-
Gets all alerts attached to a case. (getCaseAlerts)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "index" : "index",
-  "id" : "id",
-  "attached_at" : "2000-01-23T04:56:07.000+00:00"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/{caseId}/comments/{commentId}
-
Retrieves a comment from a case. (getCaseComment)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
commentId (required)
- -
Path Parameter — The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
null
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getCaseComment_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/configure
-
Retrieves external connection details, such as the closure type and default connector for cases. (getCaseConfiguration)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "closure_type" : "close-by-user",
-  "owner" : "cases",
-  "mappings" : [ {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  }, {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  } ],
-  "connector" : {
-    "name" : "none",
-    "id" : "none",
-    "fields" : "{}",
-    "type" : ".none"
-  },
-  "updated_at" : "2022-06-01T19:58:48.169Z",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "created_at" : "2022-06-01T17:07:17.767Z",
-  "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
-  "error" : "error",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzIwNzMsMV0="
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/configure/connectors/_find
-
Retrieves information about connectors. (getCaseConnectors)
-
In particular, only the connectors that are supported for use in cases are returned. You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : ".none",
-  "referencedByCount" : 0,
-  "name" : "name",
-  "id" : "id",
-  "config" : {
-    "projectKey" : "projectKey",
-    "apiUrl" : "apiUrl"
-  },
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/reporters
-
Returns information about the users who opened cases. (getCaseReporters)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "full_name" : "full_name",
-  "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-  "email" : "email",
-  "username" : "elastic"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/status
-
Returns the number of cases that are open, closed, and in progress. (getCaseStatus)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "count_in_progress_cases" : 6,
-  "count_open_cases" : 1,
-  "count_closed_cases" : 0
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getCaseStatus_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/tags
-
Aggregates and returns a list of case tags. (getCaseTags)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the retrieved case statistics to a specific set of applications. If this parameter is omitted, the response contains tags from all cases that the user has access to read. default: null
-
- - -

Return type

-
- - array[String] -
- - - -

Example data

-
Content-Type: application/json
-
""
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/_find
-
Retrieves a paginated subset of cases. (getCases)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
assignees (optional)
- -
Query Parameter — Filters the returned cases by assignees. Valid values are none or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API. default: null
defaultSearchOperator (optional)
- -
Query Parameter — The default operator to use for the simple_query_string. default: OR
fields (optional)
- -
Query Parameter — The fields in the entity to return in the response. default: null
from (optional)
- -
Query Parameter — [preview] Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
page (optional)
- -
Query Parameter — The page number to return. default: 1
perPage (optional)
- -
Query Parameter — The number of rules to return per page. default: 20
reporters (optional)
- -
Query Parameter — Filters the returned cases by the user name of the reporter. default: null
search (optional)
- -
Query Parameter — An Elasticsearch simple_query_string query that filters the objects in the response. default: null
searchFields (optional)
- -
Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
severity (optional)
- -
Query Parameter — The severity of the case. default: null
sortField (optional)
- -
Query Parameter — Determines which field is used to sort the results. default: createdAt
sortOrder (optional)
- -
Query Parameter — Determines the sort order. default: desc
status (optional)
- -
Query Parameter — Filters the returned cases by state. default: null
tags (optional)
- -
Query Parameter — Filters the returned cases by tags. default: null
to (optional)
- -
Query Parameter — [preview] Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "count_in_progress_cases" : 6,
-  "per_page" : 5,
-  "total" : 2,
-  "cases" : [ {
-    "owner" : "cases",
-    "totalComment" : 0,
-    "settings" : {
-      "syncAlerts" : true
-    },
-    "totalAlerts" : 0,
-    "closed_at" : "2000-01-23T04:56:07.000+00:00",
-    "comments" : [ null, null ],
-    "assignees" : [ {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    } ],
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "description" : "A case description.",
-    "title" : "Case title 1",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzUzMiwxXQ==",
-    "closed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "tags" : [ "tag-1" ],
-    "duration" : 120,
-    "updated_at" : "2000-01-23T04:56:07.000+00:00",
-    "updated_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-    "external_service" : {
-      "external_title" : "external_title",
-      "pushed_by" : {
-        "full_name" : "full_name",
-        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-        "email" : "email",
-        "username" : "elastic"
-      },
-      "external_url" : "external_url",
-      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-      "connector_id" : "connector_id",
-      "external_id" : "external_id",
-      "connector_name" : "connector_name"
-    }
-  }, {
-    "owner" : "cases",
-    "totalComment" : 0,
-    "settings" : {
-      "syncAlerts" : true
-    },
-    "totalAlerts" : 0,
-    "closed_at" : "2000-01-23T04:56:07.000+00:00",
-    "comments" : [ null, null ],
-    "assignees" : [ {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    }, {
-      "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-    } ],
-    "created_at" : "2022-05-13T09:16:17.416Z",
-    "description" : "A case description.",
-    "title" : "Case title 1",
-    "created_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "version" : "WzUzMiwxXQ==",
-    "closed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "tags" : [ "tag-1" ],
-    "duration" : 120,
-    "updated_at" : "2000-01-23T04:56:07.000+00:00",
-    "updated_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-    "external_service" : {
-      "external_title" : "external_title",
-      "pushed_by" : {
-        "full_name" : "full_name",
-        "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-        "email" : "email",
-        "username" : "elastic"
-      },
-      "external_url" : "external_url",
-      "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-      "connector_id" : "connector_id",
-      "external_id" : "external_id",
-      "connector_name" : "connector_name"
-    }
-  } ],
-  "count_open_cases" : 1,
-  "count_closed_cases" : 0,
-  "page" : 5
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getCases_200_response -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
get /s/{spaceId}/api/cases/alerts/{alertId}
-
Returns the cases associated with a specific alert. (getCasesByAlert)
-
You must have read privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
- -

Path parameters

-
-
alertId (required)
- -
Path Parameter — An identifier for the alert. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
owner (optional)
- -
Query Parameter — A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
[ {
-  "id" : "06116b80-e1c3-11ec-be9b-9b1838238ee6",
-  "title" : "security_case"
-} ]
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
post /s/{spaceId}/api/cases/{caseId}/connector/{connectorId}/_push
-
Pushes a case to an external service. (pushCase)
-
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. You must also have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're pushing.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
connectorId (required)
- -
Path Parameter — An identifier for the connector. To retrieve connector IDs, use the find connectors API. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
body object (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
post /s/{spaceId}/api/cases/configure
-
Sets external connection details, such as the closure type and default connector for cases. (setCaseConfiguration)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
setCaseConfiguration_request setCaseConfiguration_request (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "closure_type" : "close-by-user",
-  "owner" : "cases",
-  "mappings" : [ {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  }, {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  } ],
-  "connector" : {
-    "name" : "none",
-    "id" : "none",
-    "fields" : "{}",
-    "type" : ".none"
-  },
-  "updated_at" : "2022-06-01T19:58:48.169Z",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "created_at" : "2022-06-01T17:07:17.767Z",
-  "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
-  "error" : "error",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzIwNzMsMV0="
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getCaseConfiguration_200_response_inner -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
patch /s/{spaceId}/api/cases
-
Updates one or more cases. (updateCase)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
update_case_request update_case_request (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
patch /s/{spaceId}/api/cases/{caseId}/comments
-
Updates a comment or alert in a case. (updateCaseComment)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.
- -

Path parameters

-
-
caseId (required)
- -
Path Parameter — The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
update_case_comment_request update_case_comment_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "owner" : "cases",
-  "totalComment" : 0,
-  "settings" : {
-    "syncAlerts" : true
-  },
-  "totalAlerts" : 0,
-  "closed_at" : "2000-01-23T04:56:07.000+00:00",
-  "comments" : [ null, null ],
-  "assignees" : [ {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  }, {
-    "uid" : "u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0"
-  } ],
-  "created_at" : "2022-05-13T09:16:17.416Z",
-  "description" : "A case description.",
-  "title" : "Case title 1",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzUzMiwxXQ==",
-  "closed_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "tags" : [ "tag-1" ],
-  "duration" : 120,
-  "updated_at" : "2000-01-23T04:56:07.000+00:00",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "id" : "66b9aa00-94fa-11ea-9f74-e7e108796192",
-  "external_service" : {
-    "external_title" : "external_title",
-    "pushed_by" : {
-      "full_name" : "full_name",
-      "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-      "email" : "email",
-      "username" : "elastic"
-    },
-    "external_url" : "external_url",
-    "pushed_at" : "2000-01-23T04:56:07.000+00:00",
-    "connector_id" : "connector_id",
-    "external_id" : "external_id",
-    "connector_name" : "connector_name"
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - case_response_properties -

401

- Authorization information is missing or invalid. - 4xx_response -
-
-
-
- Up -
patch /s/{spaceId}/api/cases/configure/{configurationId}
-
Updates external connection details, such as the closure type and default connector for cases. (updateCaseConfiguration)
-
You must have all privileges for the Cases feature in the Management, Observability, or Security section of the Kibana feature privileges, depending on the owner of the case configuration. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. Refer to the add connectors API.
- -

Path parameters

-
-
configurationId (required)
- -
Path Parameter — An identifier for the configuration. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
updateCaseConfiguration_request updateCaseConfiguration_request (optional)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "closure_type" : "close-by-user",
-  "owner" : "cases",
-  "mappings" : [ {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  }, {
-    "action_type" : "overwrite",
-    "source" : "title",
-    "target" : "summary"
-  } ],
-  "connector" : {
-    "name" : "none",
-    "id" : "none",
-    "fields" : "{}",
-    "type" : ".none"
-  },
-  "updated_at" : "2022-06-01T19:58:48.169Z",
-  "updated_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "created_at" : "2022-06-01T17:07:17.767Z",
-  "id" : "4a97a440-e1cd-11ec-be9b-9b1838238ee6",
-  "error" : "error",
-  "created_by" : {
-    "full_name" : "full_name",
-    "profile_uid" : "u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0",
-    "email" : "email",
-    "username" : "elastic"
-  },
-  "version" : "WzIwNzMsMV0="
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 4xx_response -
-
- -

Models

- [ Jump to Methods ] - -

Table of Contents

-
    -
  1. 4xx_response - Unsuccessful cases API response
  2. -
  3. Case_response_properties_for_comments_inner -
  4. -
  5. Case_response_properties_for_connectors - Case response properties for connectors
  6. -
  7. action_types -
  8. -
  9. actions -
  10. -
  11. add_alert_comment_request_properties - Add case comment request properties for alerts
  12. -
  13. add_case_comment_request - Add case comment request
  14. -
  15. add_user_comment_request_properties - Add case comment request properties for user comments
  16. -
  17. alert_comment_response_properties - Add case comment response properties for alerts
  18. -
  19. alert_comment_response_properties_rule -
  20. -
  21. alert_identifiers - Alert identifiers
  22. -
  23. alert_indices - Alert indices
  24. -
  25. alert_response_properties -
  26. -
  27. assignees_inner -
  28. -
  29. case_response_closed_by_properties - Case response properties for closed_by
  30. -
  31. case_response_created_by_properties - Case response properties for created_by
  32. -
  33. case_response_properties - Case response properties
  34. -
  35. case_response_pushed_by_properties - Case response properties for pushed_by
  36. -
  37. case_response_updated_by_properties - Case response properties for updated_by
  38. -
  39. closure_types -
  40. -
  41. connector_properties_cases_webhook - Create or upate case request properties for Cases Webhook connector
  42. -
  43. connector_properties_jira - Create or update case request properties for a Jira connector
  44. -
  45. connector_properties_jira_fields -
  46. -
  47. connector_properties_none - Create or update case request properties for no connector
  48. -
  49. connector_properties_resilient - Create case request properties for a IBM Resilient connector
  50. -
  51. connector_properties_resilient_fields -
  52. -
  53. connector_properties_servicenow - Create case request properties for a ServiceNow ITSM connector
  54. -
  55. connector_properties_servicenow_fields -
  56. -
  57. connector_properties_servicenow_sir - Create case request properties for a ServiceNow SecOps connector
  58. -
  59. connector_properties_servicenow_sir_fields -
  60. -
  61. connector_properties_swimlane - Create case request properties for a Swimlane connector
  62. -
  63. connector_properties_swimlane_fields -
  64. -
  65. connector_types -
  66. -
  67. create_case_request - Create case request
  68. -
  69. create_case_request_connector -
  70. -
  71. external_service -
  72. -
  73. getCaseComment_200_response -
  74. -
  75. getCaseConfiguration_200_response_inner -
  76. -
  77. getCaseConfiguration_200_response_inner_connector -
  78. -
  79. getCaseConfiguration_200_response_inner_created_by -
  80. -
  81. getCaseConfiguration_200_response_inner_mappings_inner -
  82. -
  83. getCaseConfiguration_200_response_inner_updated_by -
  84. -
  85. getCaseConnectors_200_response_inner -
  86. -
  87. getCaseConnectors_200_response_inner_config -
  88. -
  89. getCaseStatus_200_response -
  90. -
  91. getCasesByAlert_200_response_inner -
  92. -
  93. getCases_200_response -
  94. -
  95. getCases_assignees_parameter -
  96. -
  97. getCases_owner_parameter -
  98. -
  99. owners -
  100. -
  101. payload_alert_comment -
  102. -
  103. payload_alert_comment_comment -
  104. -
  105. payload_alert_comment_comment_alertId -
  106. -
  107. payload_alert_comment_comment_index -
  108. -
  109. payload_assignees -
  110. -
  111. payload_connector -
  112. -
  113. payload_connector_connector -
  114. -
  115. payload_connector_connector_fields -
  116. -
  117. payload_create_case -
  118. -
  119. payload_description -
  120. -
  121. payload_pushed -
  122. -
  123. payload_settings -
  124. -
  125. payload_severity -
  126. -
  127. payload_status -
  128. -
  129. payload_tags -
  130. -
  131. payload_title -
  132. -
  133. payload_user_comment -
  134. -
  135. payload_user_comment_comment -
  136. -
  137. rule - Alerting rule
  138. -
  139. setCaseConfiguration_request -
  140. -
  141. setCaseConfiguration_request_connector -
  142. -
  143. setCaseConfiguration_request_settings -
  144. -
  145. settings -
  146. -
  147. severity_property -
  148. -
  149. status -
  150. -
  151. updateCaseConfiguration_request -
  152. -
  153. update_alert_comment_request_properties - Update case comment request properties for alerts
  154. -
  155. update_case_comment_request - Update case comment request
  156. -
  157. update_case_request - Update case request
  158. -
  159. update_case_request_cases_inner -
  160. -
  161. update_user_comment_request_properties - Update case comment request properties for user comments
  162. -
  163. user_actions_response_properties -
  164. -
  165. user_actions_response_properties_created_by -
  166. -
  167. user_actions_response_properties_payload -
  168. -
  169. user_comment_response_properties - Case response properties for user comments
  170. -
- -
-

4xx_response - Unsuccessful cases API response Up

-
-
-
error (optional)
-
message (optional)
-
statusCode (optional)
-
-
-
-

Case_response_properties_for_comments_inner - Up

-
-
-
alertId (optional)
-
created_at (optional)
Date format: date-time
-
created_by (optional)
-
id (optional)
-
index (optional)
-
owner (optional)
-
pushed_at (optional)
Date format: date-time
-
pushed_by (optional)
-
rule (optional)
-
type
-
Enum:
-
user
-
updated_at (optional)
Date format: date-time
-
updated_by (optional)
-
version (optional)
-
comment (optional)
-
-
-
-

Case_response_properties_for_connectors - Case response properties for connectors Up

-
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.swimlane
-
-
-
-

action_types - Up

-
The type of action.
-
-
-
-
-

actions - Up

-
-
-
-
-
-

add_alert_comment_request_properties - Add case comment request properties for alerts Up

-
Defines properties for case comment requests when type is alert.
-
-
alertId
-
index
-
owner
-
rule
-
type
String The type of comment.
-
Enum:
-
alert
-
-
-
-

add_case_comment_request - Add case comment request Up

-
The add comment to case API request body varies depending on whether you are adding an alert or a comment.
-
-
alertId
-
index
-
owner
-
rule
-
type
String The type of comment.
-
Enum:
-
user
-
comment
String The new comment. It is required only when type is user.
-
-
-
-

add_user_comment_request_properties - Add case comment request properties for user comments Up

-
Defines properties for case comment requests when type is user.
-
-
comment
String The new comment. It is required only when type is user.
-
owner
-
type
String The type of comment.
-
Enum:
-
user
-
-
-
-

alert_comment_response_properties - Add case comment response properties for alerts Up

-
-
-
alertId (optional)
-
created_at (optional)
Date format: date-time
-
created_by (optional)
-
id (optional)
-
index (optional)
-
owner (optional)
-
pushed_at (optional)
Date format: date-time
-
pushed_by (optional)
-
rule (optional)
-
type
-
Enum:
-
alert
-
updated_at (optional)
Date format: date-time
-
updated_by (optional)
-
version (optional)
-
-
-
-

alert_comment_response_properties_rule - Up

-
-
-
id (optional)
String The rule identifier.
-
name (optional)
String The rule name.
-
-
-
-

alert_identifiers - Alert identifiers Up

-
The alert identifiers. It is required only when type is alert. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; index must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-
-
-
-
-

alert_indices - Alert indices Up

-
The alert indices. It is required only when type is alert. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the alertId array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-
-
-
-
-

alert_response_properties - Up

-
-
-
attached_at (optional)
Date format: date-time
-
id (optional)
String The alert identifier.
-
index (optional)
String The alert index.
-
-
-
-

assignees_inner - Up

-
-
-
uid
String A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.
-
-
-
-

case_response_closed_by_properties - Case response properties for closed_by Up

-
-
-
email
-
full_name
-
username
-
profile_uid (optional)
-
-
-
-

case_response_created_by_properties - Case response properties for created_by Up

-
-
-
email
-
full_name
-
username
-
profile_uid (optional)
-
-
-
-

case_response_properties - Case response properties Up

-
-
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
closed_at
Date format: date-time
-
closed_by
-
comments
array[Case_response_properties_for_comments_inner] An array of comment objects for the case.
-
connector
-
created_at
Date format: date-time
-
created_by
-
description
-
duration
Integer The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
-
external_service
-
id
-
owner
-
settings
-
severity
-
status
-
tags
-
title
-
totalAlerts
-
totalComment
-
updated_at
Date format: date-time
-
updated_by
-
version
-
-
-
-

case_response_pushed_by_properties - Case response properties for pushed_by Up

-
-
-
email
-
full_name
-
username
-
profile_uid (optional)
-
-
-
-

case_response_updated_by_properties - Case response properties for updated_by Up

-
-
-
email
-
full_name
-
username
-
profile_uid (optional)
-
-
-
-

closure_types - Up

-
Indicates whether a case is automatically closed when it is pushed to external systems (close-by-pushing) or not automatically closed (close-by-user).
-
-
-
-
-

connector_properties_cases_webhook - Create or upate case request properties for Cases Webhook connector Up

-
Defines properties for connectors when type is .cases-webhook.
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.cases-webhook
-
-
-
-

connector_properties_jira - Create or update case request properties for a Jira connector Up

-
Defines properties for connectors when type is .jira.
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.jira
-
-
-
-

connector_properties_jira_fields - Up

-
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
-
-
issueType
String The type of issue.
-
parent
String The key of the parent issue, when the issue type is sub-task.
-
priority
String The priority of the issue.
-
-
-
-

connector_properties_none - Create or update case request properties for no connector Up

-
Defines properties for connectors when type is .none.
-
-
fields
String An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null.
-
id
String The identifier for the connector. To create a case without a connector, use none. To update a case to remove the connector, specify none.
-
name
String The name of the connector. To create a case without a connector, use none. To update a case to remove the connector, specify none.
-
type
String The type of connector. To create a case without a connector, use .none. To update a case to remove the connector, specify .none.
-
Enum:
-
.none
-
-
-
-

connector_properties_resilient - Create case request properties for a IBM Resilient connector Up

-
Defines properties for connectors when type is .resilient.
-
-
fields
-
id
String The identifier for the connector.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.resilient
-
-
-
-

connector_properties_resilient_fields - Up

-
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
-
-
issueTypes
array[String] The type of incident.
-
severityCode
String The severity code of the incident.
-
-
-
-

connector_properties_servicenow - Create case request properties for a ServiceNow ITSM connector Up

-
Defines properties for connectors when type is .servicenow.
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.servicenow
-
-
-
-

connector_properties_servicenow_fields - Up

-
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
-
-
category
String The category of the incident.
-
impact
String The effect an incident had on business.
-
severity
String The severity of the incident.
-
subcategory
String The subcategory of the incident.
-
urgency
String The extent to which the incident resolution can be delayed.
-
-
-
-

connector_properties_servicenow_sir - Create case request properties for a ServiceNow SecOps connector Up

-
Defines properties for connectors when type is .servicenow-sir.
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.servicenow-sir
-
-
-
-

connector_properties_servicenow_sir_fields - Up

-
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
-
-
category
String The category of the incident.
-
destIp
Boolean Indicates whether cases will send a comma-separated list of destination IPs.
-
malwareHash
Boolean Indicates whether cases will send a comma-separated list of malware hashes.
-
malwareUrl
Boolean Indicates whether cases will send a comma-separated list of malware URLs.
-
priority
String The priority of the issue.
-
sourceIp
Boolean Indicates whether cases will send a comma-separated list of source IPs.
-
subcategory
String The subcategory of the incident.
-
-
-
-

connector_properties_swimlane - Create case request properties for a Swimlane connector Up

-
Defines properties for connectors when type is .swimlane.
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.swimlane
-
-
-
-

connector_properties_swimlane_fields - Up

-
An object containing the connector fields. If you want to omit any individual field, specify null as its value.
-
-
caseId
String The case identifier for Swimlane connectors.
-
-
-
-

connector_types - Up

-
The type of connector.
-
-
-
-
-

create_case_request - Create case request Up

-
The create case API request body varies depending on the type of connector.
-
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
connector
-
description
String The description for the case.
-
owner
-
settings
-
severity (optional)
-
tags
array[String] The words and phrases that help categorize cases. It can be an empty array.
-
title
String A title for the case.
-
-
-
-

create_case_request_connector - Up

-
-
-
fields
-
id
String The identifier for the connector. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector.
-
type
String The type of connector.
-
Enum:
-
.swimlane
-
-
-
-

external_service - Up

-
-
-
connector_id (optional)
-
connector_name (optional)
-
external_id (optional)
-
external_title (optional)
-
external_url (optional)
-
pushed_at (optional)
Date format: date-time
-
pushed_by (optional)
-
-
-
-

getCaseComment_200_response - Up

-
-
-
alertId (optional)
-
created_at (optional)
Date format: date-time
-
created_by (optional)
-
id (optional)
-
index (optional)
-
owner (optional)
-
pushed_at (optional)
Date format: date-time
-
pushed_by (optional)
-
rule (optional)
-
type
-
Enum:
-
user
-
updated_at (optional)
Date format: date-time
-
updated_by (optional)
-
version (optional)
-
comment (optional)
-
-
-
-

getCaseConfiguration_200_response_inner - Up

-
-
-
closure_type (optional)
-
connector (optional)
-
created_at (optional)
Date format: date-time
-
created_by (optional)
-
error (optional)
-
id (optional)
-
mappings (optional)
-
owner (optional)
-
updated_at (optional)
Date format: date-time
-
updated_by (optional)
-
version (optional)
-
-
-
-

getCaseConfiguration_200_response_inner_connector - Up

-
-
-
fields (optional)
Object The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null.
-
id (optional)
String The identifier for the connector. If you do not want a default connector, use none. To retrieve connector IDs, use the find connectors API.
-
name (optional)
String The name of the connector. If you do not want a default connector, use none. To retrieve connector names, use the find connectors API.
-
type (optional)
-
-
-
-

getCaseConfiguration_200_response_inner_created_by - Up

-
-
-
email (optional)
-
full_name (optional)
-
username (optional)
-
profile_uid (optional)
-
-
-
-

getCaseConfiguration_200_response_inner_mappings_inner - Up

-
-
-
action_type (optional)
-
source (optional)
-
target (optional)
-
-
-
-

getCaseConfiguration_200_response_inner_updated_by - Up

-
-
-
email (optional)
-
full_name (optional)
-
username (optional)
-
profile_uid (optional)
-
-
-
-

getCaseConnectors_200_response_inner - Up

-
-
-
actionTypeId (optional)
-
config (optional)
-
id (optional)
-
isDeprecated (optional)
-
isMissingSecrets (optional)
-
isPreconfigured (optional)
-
name (optional)
-
referencedByCount (optional)
-
-
-
-

getCaseConnectors_200_response_inner_config - Up

-
-
-
apiUrl (optional)
-
projectKey (optional)
-
-
-
-

getCaseStatus_200_response - Up

-
-
-
count_closed_cases (optional)
-
count_in_progress_cases (optional)
-
count_open_cases (optional)
-
-
-
-

getCasesByAlert_200_response_inner - Up

-
-
-
id (optional)
String The case identifier.
-
title (optional)
String The case title.
-
-
-
-

getCases_200_response - Up

-
-
-
cases (optional)
-
count_closed_cases (optional)
-
count_in_progress_cases (optional)
-
count_open_cases (optional)
-
page (optional)
-
per_page (optional)
-
total (optional)
-
-
- - -
-

owners - Up

-
The application that owns the cases: Stack Management, Observability, or Elastic Security.
-
-
-
- -
-

payload_alert_comment_comment - Up

-
-
-
alertId (optional)
-
index (optional)
-
owner (optional)
-
rule (optional)
-
type (optional)
-
Enum:
-
alert
-
-
- - -
-

payload_assignees - Up

-
-
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
-
-
-

payload_connector - Up

-
-
-
connector (optional)
-
-
-
-

payload_connector_connector - Up

-
-
-
fields (optional)
-
id (optional)
String The identifier for the connector. To create a case without a connector, use none.
-
name (optional)
String The name of the connector. To create a case without a connector, use none.
-
type (optional)
-
-
-
-

payload_connector_connector_fields - Up

-
An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
-
-
caseId (optional)
String The case identifier for Swimlane connectors.
-
category (optional)
String The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
-
destIp (optional)
Boolean Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.
-
impact (optional)
String The effect an incident had on business for ServiceNow ITSM connectors.
-
issueType (optional)
String The type of issue for Jira connectors.
-
issueTypes (optional)
array[String] The type of incident for IBM Resilient connectors.
-
malwareHash (optional)
Boolean Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.
-
malwareUrl (optional)
Boolean Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.
-
parent (optional)
String The key of the parent issue, when the issue type is sub-task for Jira connectors.
-
priority (optional)
String The priority of the issue for Jira and ServiceNow SecOps connectors.
-
severity (optional)
String The severity of the incident for ServiceNow ITSM connectors.
-
severityCode (optional)
String The severity code of the incident for IBM Resilient connectors.
-
sourceIp (optional)
Boolean Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.
-
subcategory (optional)
String The subcategory of the incident for ServiceNow ITSM connectors.
-
urgency (optional)
String The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
-
-
-
-

payload_create_case - Up

-
-
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
connector (optional)
-
description (optional)
-
owner (optional)
-
settings (optional)
-
severity (optional)
-
status (optional)
-
tags (optional)
-
title (optional)
-
-
-
-

payload_description - Up

-
-
-
description (optional)
-
-
-
-

payload_pushed - Up

-
-
-
externalService (optional)
-
-
-
-

payload_settings - Up

-
-
-
settings (optional)
-
-
-
-

payload_severity - Up

-
-
-
severity (optional)
-
-
-
-

payload_status - Up

-
-
-
status (optional)
-
-
-
-

payload_tags - Up

-
-
-
tags (optional)
-
-
-
-

payload_title - Up

-
-
-
title (optional)
-
-
- -
-

payload_user_comment_comment - Up

-
-
-
comment (optional)
-
owner (optional)
-
type (optional)
-
Enum:
-
user
-
-
-
-

rule - Alerting rule Up

-
The rule that is associated with the alerts. It is required only when type is alert. This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-
-
id (optional)
String The rule identifier.
-
name (optional)
String The rule name.
-
-
- -
-

setCaseConfiguration_request_connector - Up

-
An object that contains the connector configuration.
-
-
fields
Object The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to null.
-
id
String The identifier for the connector. If you do not want a default connector, use none. To retrieve connector IDs, use the find connectors API.
-
name
String The name of the connector. If you do not want a default connector, use none. To retrieve connector names, use the find connectors API.
-
type
-
-
-
-

setCaseConfiguration_request_settings - Up

-
An object that contains the case settings.
-
-
syncAlerts
Boolean Turns alert syncing on or off.
-
-
-
-

settings - Up

-
An object that contains the case settings.
-
-
syncAlerts
Boolean Turns alert syncing on or off.
-
-
-
-

severity_property - Up

-
The severity of the case.
-
-
-
-
-

status - Up

-
The status of the case.
-
-
-
-
-

updateCaseConfiguration_request - Up

-
-
-
closure_type (optional)
-
connector (optional)
-
version
String The version of the connector. To retrieve the version value, use the get configuration API.
-
-
-
-

update_alert_comment_request_properties - Update case comment request properties for alerts Up

-
Defines properties for case comment requests when type is alert.
-
-
alertId
-
id
String The identifier for the comment. To retrieve comment IDs, use the get comments API.
-
index
-
owner
-
rule
-
type
String The type of comment.
-
Enum:
-
alert
-
version
String The current comment version. To retrieve version values, use the get comments API.
-
-
-
-

update_case_comment_request - Update case comment request Up

-
The update case comment API request body varies depending on whether you are updating an alert or a comment.
-
-
alertId
-
id
String The identifier for the comment. To retrieve comment IDs, use the get comments API.
-
index
-
owner
-
rule
-
type
String The type of comment.
-
Enum:
-
user
-
version
String The current comment version. To retrieve version values, use the get comments API.
-
comment
String The new comment. It is required only when type is user.
-
-
-
-

update_case_request - Update case request Up

-
The update case API request body varies depending on the type of connector.
-
-
cases
array[update_case_request_cases_inner] An array containing one or more case objects.
-
-
-
-

update_case_request_cases_inner - Up

-
-
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
connector (optional)
-
description (optional)
String An updated description for the case.
-
id
String The identifier for the case.
-
settings (optional)
-
severity (optional)
-
status (optional)
-
tags (optional)
array[String] The words and phrases that help categorize cases.
-
title (optional)
String A title for the case.
-
version
String The current version of the case. To determine this value, use the get case or find cases APIs.
-
-
-
-

update_user_comment_request_properties - Update case comment request properties for user comments Up

-
Defines properties for case comment requests when type is user.
-
-
comment
String The new comment. It is required only when type is user.
-
id
String The identifier for the comment. To retrieve comment IDs, use the get comments API.
-
owner
-
type
String The type of comment.
-
Enum:
-
user
-
version
String The current comment version. To retrieve version values, use the get comments API.
-
-
-
-

user_actions_response_properties - Up

-
-
-
action
-
action_id
-
case_id
-
comment_id
-
created_at
Date format: date-time
-
created_by
-
owner
-
payload
-
type
-
-
-
-

user_actions_response_properties_created_by - Up

-
-
-
email
-
full_name
-
username
-
profile_uid (optional)
-
-
-
-

user_actions_response_properties_payload - Up

-
-
-
comment (optional)
-
assignees (optional)
array[assignees_inner] An array containing users that are assigned to the case.
-
connector (optional)
-
description (optional)
-
owner (optional)
-
settings (optional)
-
severity (optional)
-
status (optional)
-
tags (optional)
-
title (optional)
-
externalService (optional)
-
-
-
-

user_comment_response_properties - Case response properties for user comments Up

-
-
-
comment (optional)
-
created_at (optional)
Date format: date-time
-
created_by (optional)
-
id (optional)
-
owner (optional)
-
pushed_at (optional)
Date format: date-time
-
pushed_by (optional)
-
type
-
Enum:
-
user
-
updated_at (optional)
Date format: date-time
-
updated_by (optional)
-
version (optional)
-
-
-
-++++ diff --git a/docs/api-generated/cases/case-apis.asciidoc b/docs/api-generated/cases/case-apis.asciidoc deleted file mode 100644 index fdd9a941a58e6..0000000000000 --- a/docs/api-generated/cases/case-apis.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[[case-apis]] -== Case APIs - -preview::[] - -//// -This file includes content that has been generated from https://github.com/elastic/kibana/tree/main/x-pack/plugins/cases/docs/openapi. Any modifications required must be done in that open API specification. -//// - -include::case-apis-passthru.asciidoc[] \ No newline at end of file diff --git a/docs/api-generated/connectors/connector-apis-passthru.asciidoc b/docs/api-generated/connectors/connector-apis-passthru.asciidoc deleted file mode 100644 index c51d4332bc501..0000000000000 --- a/docs/api-generated/connectors/connector-apis-passthru.asciidoc +++ /dev/null @@ -1,2318 +0,0 @@ -//// -This content is generated from the open API specification. -Any modifications made to this file will be overwritten. -//// - -++++ -
-

Access

-
    -
  1. APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
  2. -
  3. HTTP Basic Authentication
  4. -
- -

Methods

- [ Jump to Models ] - -

Table of Contents

-
-

Connectors

- - -

Connectors

-
-
- Up -
post /s/{spaceId}/api/actions/connector
-
Creates a connector. (createConnector)
-
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Create_connector_request_body_properties Create_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
null
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - connector_response_properties -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
delete /s/{spaceId}/api/actions/connector/{connectorId}
-
Deletes a connector. (deleteConnector)
-
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. WARNING: When you delete a connector, it cannot be recovered.
- -

Path parameters

-
-
connectorId (required)
- -
Path Parameter — An identifier for the connector. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - getConnector_404_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions/connector/{connectorId}
-
Retrieves a connector by ID. (getConnector)
-
You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
connectorId (required)
- -
Path Parameter — An identifier for the connector. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
null
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - connector_response_properties -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - getConnector_404_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions/connector_types
-
Retrieves a list of all connector types. (getConnectorTypes)
-
You do not need any Kibana feature privileges to run this API.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
feature_id (optional)
- -
Query Parameter — A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases). default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "supported_feature_ids" : [ "alerting", "uptime", "siem" ],
-  "name" : "Index",
-  "enabled_in_license" : true,
-  "id" : ".server-log",
-  "enabled_in_config" : true,
-  "minimum_license_required" : "basic",
-  "enabled" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions/connectors
-
Retrieves all connectors. (getConnectors)
-
You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "is_missing_secrets" : false,
-  "is_deprecated" : false,
-  "is_preconfigured" : false,
-  "name" : "my-connector",
-  "referenced_by_count" : 2,
-  "id" : "b0766e10-d190-11ec-b04c-776c77d14fca",
-  "config" : {
-    "key" : ""
-  },
-  "connector_type_id" : ".server-log"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/actions
-
Creates a connector. (legacyCreateConnector)
-
Deprecated in 7.13.0. Use the create connector API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Legacy_create_connector_request_properties Legacy_create_connector_request_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : "actionTypeId",
-  "name" : "name",
-  "id" : "id",
-  "config" : "{}",
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - action_response_properties -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
delete /s/{spaceId}/api/actions/action/{actionId}
-
Deletes a connector. (legacyDeleteConnector)
-
Deprecated in 7.13.0. Use the delete connector API instead. WARNING: When you delete a connector, it cannot be recovered.
- -

Path parameters

-
-
actionId (required)
- -
Path Parameter — An identifier for the action. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions/action/{actionId}
-
Retrieves a connector by ID. (legacyGetConnector)
-
Deprecated in 7.13.0. Use the get connector API instead.
- -

Path parameters

-
-
actionId (required)
- -
Path Parameter — An identifier for the action. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : "actionTypeId",
-  "name" : "name",
-  "id" : "id",
-  "config" : "{}",
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - action_response_properties -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions/list_action_types
-
Retrieves a list of all connector types. (legacyGetConnectorTypes)
-
Deprecated in 7.13.0. Use the get all connector types API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "enabledInConfig" : true,
-  "name" : "name",
-  "enabledInLicense" : true,
-  "id" : "id",
-  "minimumLicenseRequired" : "minimumLicenseRequired",
-  "enabled" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/actions
-
Retrieves all connectors. (legacyGetConnectors)
-
Deprecated in 7.13.0. Use the get all connectors API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : "actionTypeId",
-  "name" : "name",
-  "id" : "id",
-  "config" : "{}",
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/actions/action/{actionId}/_execute
-
Runs a connector. (legacyRunConnector)
-
Deprecated in 7.13.0. Use the run connector API instead.
- -

Path parameters

-
-
actionId (required)
- -
Path Parameter — An identifier for the action. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Legacy_run_connector_request_body_properties Legacy_run_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "actionId" : "actionId",
-  "status" : "status"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - legacyRunConnector_200_response -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
put /s/{spaceId}/api/actions/action/{actionId}
-
Updates the attributes for a connector. (legacyUpdateConnector)
-
Deprecated in 7.13.0. Use the update connector API instead.
- -

Path parameters

-
-
actionId (required)
- -
Path Parameter — An identifier for the action. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Legacy_update_connector_request_body_properties Legacy_update_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "isPreconfigured" : true,
-  "isDeprecated" : true,
-  "actionTypeId" : "actionTypeId",
-  "name" : "name",
-  "id" : "id",
-  "config" : "{}",
-  "isMissingSecrets" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - action_response_properties -

404

- Object is not found. - 404_response -
-
-
-
- Up -
post /s/{spaceId}/api/actions/connector/{connectorId}/_execute
-
Runs a connector. (runConnector)
-
You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. You must have read privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges. If you use an index connector, you must also have all, create, index, or write indices privileges.
- -

Path parameters

-
-
connectorId (required)
- -
Path Parameter — An identifier for the connector. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Run_connector_request_body_properties Run_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "connector_id" : "connector_id",
-  "status" : "error"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - runConnector_200_response -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
put /s/{spaceId}/api/actions/connector/{connectorId}
-
Updates the attributes for a connector. (updateConnector)
-
You must have all privileges for the Actions and Connectors feature in the Management section of the Kibana feature privileges.
- -

Path parameters

-
-
connectorId (required)
- -
Path Parameter — An identifier for the connector. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Update_connector_request_body_properties Update_connector_request_body_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
null
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - connector_response_properties -

400

- Indicates a bad request. - updateConnector_400_response -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
- -

Models

- [ Jump to Methods ] - -

Table of Contents

-
    -
  1. 401_response - Unsuccessful rule API response
  2. -
  3. 404_response -
  4. -
  5. Alert_identifier_mapping - Alert identifier mapping
  6. -
  7. Case_comment_mapping - Case comment mapping
  8. -
  9. Case_description_mapping - Case description mapping
  10. -
  11. Case_identifier_mapping - Case identifier mapping
  12. -
  13. Case_name_mapping - Case name mapping
  14. -
  15. Connector_mappings_properties_for_a_Swimlane_connector - Connector mappings properties for a Swimlane connector
  16. -
  17. Create_connector_request_body_properties - Create connector request body properties
  18. -
  19. Get_connector_types_response_body_properties_inner -
  20. -
  21. Get_connectors_response_body_properties - Get connectors response body properties
  22. -
  23. Legacy_create_connector_request_properties - Legacy create connector request properties
  24. -
  25. Legacy_get_connector_types_response_body_properties_inner -
  26. -
  27. Legacy_run_connector_request_body_properties - Legacy run connector request body properties
  28. -
  29. Legacy_update_connector_request_body_properties - Legacy update connector request body properties
  30. -
  31. Rule_name_mapping - Rule name mapping
  32. -
  33. Run_connector_request_body_properties - Run connector request body properties
  34. -
  35. Run_connector_request_body_properties_params -
  36. -
  37. Severity_mapping - Severity mapping
  38. -
  39. Subaction_parameters - Subaction parameters
  40. -
  41. Update_connector_request_body_properties - Update connector request body properties
  42. -
  43. action_response_properties - Action response properties
  44. -
  45. config_properties_cases_webhook - Connector request properties for Webhook - Case Management connector
  46. -
  47. config_properties_index - Connector request properties for an index connector
  48. -
  49. config_properties_jira - Connector request properties for a Jira connector
  50. -
  51. config_properties_opsgenie - Connector request properties for an Opsgenie connector
  52. -
  53. config_properties_resilient - Connector request properties for a IBM Resilient connector
  54. -
  55. config_properties_servicenow - Connector request properties for a ServiceNow ITSM connector
  56. -
  57. config_properties_servicenow_itom - Connector request properties for a ServiceNow ITSM connector
  58. -
  59. config_properties_swimlane - Connector request properties for a Swimlane connector
  60. -
  61. connector_response_properties - Connector response properties
  62. -
  63. connector_response_properties_cases_webhook - Connector request properties for a Webhook - Case Management connector
  64. -
  65. connector_response_properties_email - Connector response properties for an email connector
  66. -
  67. connector_response_properties_index - Connector response properties for an index connector
  68. -
  69. connector_response_properties_jira - Connector response properties for a Jira connector
  70. -
  71. connector_response_properties_opsgenie - Connector response properties for an Opsgenie connector
  72. -
  73. connector_response_properties_pagerduty - Connector response properties for a PagerDuty connector
  74. -
  75. connector_response_properties_resilient - Connector response properties for a IBM Resilient connector
  76. -
  77. connector_response_properties_serverlog - Connector response properties for a server log connector
  78. -
  79. connector_response_properties_servicenow - Connector response properties for a ServiceNow ITSM connector
  80. -
  81. connector_response_properties_servicenow_itom - Connector response properties for a ServiceNow ITOM connector
  82. -
  83. connector_response_properties_servicenow_sir - Connector response properties for a ServiceNow SecOps connector
  84. -
  85. connector_response_properties_slack - Connector response properties for a Slack connector
  86. -
  87. connector_response_properties_swimlane - Connector response properties for a Swimlane connector
  88. -
  89. connector_response_properties_teams - Connector response properties for a Microsoft Teams connector
  90. -
  91. connector_response_properties_tines - Connector response properties for a Tines connector
  92. -
  93. connector_response_properties_webhook - Connector response properties for a Webhook connector
  94. -
  95. connector_response_properties_xmatters - Connector response properties for an xMatters connector
  96. -
  97. connector_types - Connector types
  98. -
  99. create_connector_request_cases_webhook - Create Webhook - Case Managment connector request
  100. -
  101. create_connector_request_email - Create email connector request
  102. -
  103. create_connector_request_index - Create index connector request
  104. -
  105. create_connector_request_jira - Create Jira connector request
  106. -
  107. create_connector_request_opsgenie - Create Opsgenie connector request
  108. -
  109. create_connector_request_pagerduty - Create PagerDuty connector request
  110. -
  111. create_connector_request_resilient - Create IBM Resilient connector request
  112. -
  113. create_connector_request_serverlog - Create server log connector request
  114. -
  115. create_connector_request_servicenow - Create ServiceNow ITSM connector request
  116. -
  117. create_connector_request_servicenow_itom - Create ServiceNow ITOM connector request
  118. -
  119. create_connector_request_servicenow_sir - Create ServiceNow SecOps connector request
  120. -
  121. create_connector_request_slack - Create Slack connector request
  122. -
  123. create_connector_request_swimlane - Create Swimlane connector request
  124. -
  125. create_connector_request_teams - Create Microsoft Teams connector request
  126. -
  127. create_connector_request_tines - Create Tines connector request
  128. -
  129. create_connector_request_webhook - Create Webhook connector request
  130. -
  131. create_connector_request_xmatters - Create xMatters connector request
  132. -
  133. features -
  134. -
  135. getConnector_404_response -
  136. -
  137. legacyRunConnector_200_response -
  138. -
  139. runConnector_200_response -
  140. -
  141. runConnector_200_response_data -
  142. -
  143. run_connector_params_documents - Index connector parameters
  144. -
  145. run_connector_params_level_message - Server log connector parameters
  146. -
  147. run_connector_subaction_addevent - The addEvent subaction
  148. -
  149. run_connector_subaction_addevent_subActionParams -
  150. -
  151. run_connector_subaction_closealert - The closeAlert subaction
  152. -
  153. run_connector_subaction_closealert_subActionParams -
  154. -
  155. run_connector_subaction_createalert - The createAlert subaction
  156. -
  157. run_connector_subaction_createalert_subActionParams -
  158. -
  159. run_connector_subaction_createalert_subActionParams_responders_inner -
  160. -
  161. run_connector_subaction_createalert_subActionParams_visibleTo_inner -
  162. -
  163. run_connector_subaction_fieldsbyissuetype - The fieldsByIssueType subaction
  164. -
  165. run_connector_subaction_fieldsbyissuetype_subActionParams -
  166. -
  167. run_connector_subaction_getchoices - The getChoices subaction
  168. -
  169. run_connector_subaction_getchoices_subActionParams -
  170. -
  171. run_connector_subaction_getfields - The getFields subaction
  172. -
  173. run_connector_subaction_getincident - The getIncident subaction
  174. -
  175. run_connector_subaction_getincident_subActionParams -
  176. -
  177. run_connector_subaction_issue - The issue subaction
  178. -
  179. run_connector_subaction_issue_subActionParams -
  180. -
  181. run_connector_subaction_issues - The issues subaction
  182. -
  183. run_connector_subaction_issues_subActionParams -
  184. -
  185. run_connector_subaction_issuetypes - The issueTypes subaction
  186. -
  187. run_connector_subaction_pushtoservice - The pushToService subaction
  188. -
  189. run_connector_subaction_pushtoservice_subActionParams -
  190. -
  191. run_connector_subaction_pushtoservice_subActionParams_comments_inner -
  192. -
  193. run_connector_subaction_pushtoservice_subActionParams_incident -
  194. -
  195. run_connector_subaction_pushtoservice_subActionParams_incident_dest_ip -
  196. -
  197. run_connector_subaction_pushtoservice_subActionParams_incident_malware_hash -
  198. -
  199. run_connector_subaction_pushtoservice_subActionParams_incident_malware_url -
  200. -
  201. run_connector_subaction_pushtoservice_subActionParams_incident_source_ip -
  202. -
  203. secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector
  204. -
  205. secrets_properties_jira - Connector secrets properties for a Jira connector
  206. -
  207. secrets_properties_opsgenie - Connector secrets properties for an Opsgenie connector
  208. -
  209. secrets_properties_resilient - Connector secrets properties for IBM Resilient connector
  210. -
  211. secrets_properties_servicenow - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors
  212. -
  213. secrets_properties_swimlane - Connector secrets properties for a Swimlane connector
  214. -
  215. updateConnector_400_response -
  216. -
  217. update_connector_request_cases_webhook - Update Webhook - Case Managment connector request
  218. -
  219. update_connector_request_index - Update index connector request
  220. -
  221. update_connector_request_jira - Update Jira connector request
  222. -
  223. update_connector_request_opsgenie - Update Opsgenie connector request
  224. -
  225. update_connector_request_resilient - Update IBM Resilient connector request
  226. -
  227. update_connector_request_serverlog - Update server log connector request
  228. -
  229. update_connector_request_servicenow - Update ServiceNow ITSM connector or ServiceNow SecOps request
  230. -
  231. update_connector_request_servicenow_itom - Create ServiceNow ITOM connector request
  232. -
  233. update_connector_request_swimlane - Update Swimlane connector request
  234. -
- -
-

401_response - Unsuccessful rule API response Up

-
-
-
error (optional)
-
Enum:
-
Unauthorized
-
message (optional)
-
statusCode (optional)
-
Enum:
-
401
-
-
-
-

404_response - Up

-
-
-
error (optional)
-
Enum:
-
Not Found
-
message (optional)
-
statusCode (optional)
-
Enum:
-
404
-
-
-
-

Alert_identifier_mapping - Alert identifier mapping Up

-
Mapping for the alert ID.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Case_comment_mapping - Case comment mapping Up

-
Mapping for the case comments.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Case_description_mapping - Case description mapping Up

-
Mapping for the case description.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Case_identifier_mapping - Case identifier mapping Up

-
Mapping for the case ID.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Case_name_mapping - Case name mapping Up

-
Mapping for the case name.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Connector_mappings_properties_for_a_Swimlane_connector - Connector mappings properties for a Swimlane connector Up

-
The field mapping.
-
-
alertIdConfig (optional)
-
caseIdConfig (optional)
-
caseNameConfig (optional)
-
commentsConfig (optional)
-
descriptionConfig (optional)
-
ruleNameConfig (optional)
-
severityConfig (optional)
-
-
-
-

Create_connector_request_body_properties - Create connector request body properties Up

-
The properties vary depending on the connector type.
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .xmatters.
-
connector_type_id
String The type of connector.
-
Enum:
-
.xmatters
-
name
String The display name for the connector.
-
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is .xmatters.
-
-
-
-

Get_connector_types_response_body_properties_inner - Up

-
-
-
enabled (optional)
Boolean Indicates whether the connector type is enabled in Kibana.
-
enabled_in_config (optional)
Boolean Indicates whether the connector type is enabled in the Kibana .yml file.
-
enabled_in_license (optional)
Boolean Indicates whether the connector is enabled in the license.
-
id (optional)
-
minimum_license_required (optional)
String The license that is required to use the connector type.
-
name (optional)
String The name of the connector type.
-
supported_feature_ids (optional)
array[features] The Kibana features that are supported by the connector type.
-
-
-
-

Get_connectors_response_body_properties - Get connectors response body properties Up

-
The properties vary for each connector type.
-
-
connector_type_id
-
config (optional)
map[String, oas_any_type_not_mapped] The configuration for the connector. Configuration properties vary depending on the connector type.
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
referenced_by_count
Integer Indicates the number of saved objects that reference the connector. If is_preconfigured is true, this value is not calculated.
-
-
-
-

Legacy_create_connector_request_properties - Legacy create connector request properties Up

-
-
-
actionTypeId (optional)
String The connector type identifier.
-
config (optional)
Object The configuration for the connector. Configuration properties vary depending on the connector type.
-
name (optional)
String The display name for the connector.
-
secrets (optional)
Object The secrets configuration for the connector. Secrets configuration properties vary depending on the connector type. NOTE: Remember these values. You must provide them each time you update the connector.
-
-
-
-

Legacy_get_connector_types_response_body_properties_inner - Up

-
-
-
enabled (optional)
Boolean Indicates whether the connector type is enabled in Kibana.
-
enabledInConfig (optional)
Boolean Indicates whether the connector type is enabled in the Kibana .yml file.
-
enabledInLicense (optional)
Boolean Indicates whether the connector is enabled in the license.
-
id (optional)
String The unique identifier for the connector type.
-
minimumLicenseRequired (optional)
String The license that is required to use the connector type.
-
name (optional)
String The name of the connector type.
-
-
-
-

Legacy_run_connector_request_body_properties - Legacy run connector request body properties Up

-
The properties vary depending on the connector type.
-
-
params
Object The parameters of the connector. Parameter properties vary depending on the connector type.
-
-
-
-

Legacy_update_connector_request_body_properties - Legacy update connector request body properties Up

-
The properties vary depending on the connector type.
-
-
config (optional)
Object The new connector configuration. Configuration properties vary depending on the connector type.
-
name (optional)
String The new name for the connector.
-
secrets (optional)
Object The updated secrets configuration for the connector. Secrets properties vary depending on the connector type.
-
-
-
-

Rule_name_mapping - Rule name mapping Up

-
Mapping for the name of the alert's rule.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
- -
-

Run_connector_request_body_properties_params - Up

-
-
-
documents
array[map[String, oas_any_type_not_mapped]] The documents in JSON format for index connectors.
-
level (optional)
String The log level of the message for server log connectors.
-
Enum:
-
debug
error
fatal
info
trace
warn
-
message
String The message for server log connectors.
-
subAction
String The action to test.
-
Enum:
-
pushToService
-
subActionParams
-
-
-
-

Severity_mapping - Severity mapping Up

-
Mapping for the severity.
-
-
fieldType
String The type of field in Swimlane.
-
id
String The identifier for the field in Swimlane.
-
key
String The key for the field in Swimlane.
-
name
String The name of the field in Swimlane.
-
-
-
-

Subaction_parameters - Subaction parameters Up

-
Test an action that involves a subaction.
-
-
subAction
String The action to test.
-
Enum:
-
pushToService
-
subActionParams
-
-
-
-

Update_connector_request_body_properties - Update connector request body properties Up

-
The properties vary depending on the connector type.
-
-
config
-
name
String The display name for the connector.
-
secrets
-
-
-
-

action_response_properties - Action response properties Up

-
The properties vary depending on the action type.
-
-
actionTypeId (optional)
-
config (optional)
-
id (optional)
-
isDeprecated (optional)
Boolean Indicates whether the action type is deprecated.
-
isMissingSecrets (optional)
Boolean Indicates whether secrets are missing for the action.
-
isPreconfigured (optional)
Boolean Indicates whether it is a preconfigured action.
-
name (optional)
-
-
-
-

config_properties_cases_webhook - Connector request properties for Webhook - Case Management connector Up

-
Defines properties for connectors when type is .cases-webhook.
-
-
createCommentJson (optional)
String A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is case.comment. Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
-
createCommentMethod (optional)
String The REST API HTTP request method to create a case comment in the third-party system. Valid values are patch, post, and put.
-
Enum:
-
patch
post
put
-
createCommentUrl (optional)
String The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
createIncidentJson
String A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are case.title and case.description. Due to Mustache template variables (which is the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.
-
createIncidentMethod (optional)
String The REST API HTTP request method to create a case in the third-party system. Valid values are patch, post, and put.
-
Enum:
-
patch
post
put
-
createIncidentResponseKey
String The JSON key in the create case response that contains the external case ID.
-
createIncidentUrl
String The REST API URL to create a case in the third-party system. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
getIncidentResponseExternalTitleKey
String The JSON key in get case response that contains the external case title.
-
getIncidentUrl
String The REST API URL to get the case by ID from the third-party system. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
-
hasAuth (optional)
Boolean If true, a username and password for login type authentication must be provided.
-
headers (optional)
String A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods.
-
updateIncidentJson
String The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are case.title and case.description. Due to Mustache template variables (which is the text enclosed in triple braces, for example, {{{case.title}}}), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.
-
updateIncidentMethod (optional)
String The REST API HTTP request method to update the case in the third-party system. Valid values are patch, post, and put.
-
Enum:
-
patch
post
put
-
updateIncidentUrl
String The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
viewIncidentUrl
String The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL.
-
-
-
-

config_properties_index - Connector request properties for an index connector Up

-
Defines properties for connectors when type is .index.
-
-
executionTimeField (optional)
String Specifies a field that will contain the time the alert condition was detected.
-
index
String The Elasticsearch index to be written to.
-
refresh (optional)
Boolean The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs.
-
-
-
-

config_properties_jira - Connector request properties for a Jira connector Up

-
Defines properties for connectors when type is .jira.
-
-
apiUrl
String The Jira instance URL.
-
projectKey
String The Jira project key.
-
-
-
-

config_properties_opsgenie - Connector request properties for an Opsgenie connector Up

-
Defines properties for connectors when type is .opsgenie.
-
-
apiUrl
String The Opsgenie URL. For example, https://api.opsgenie.com or https://api.eu.opsgenie.com. If you are using the xpack.actions.allowedHosts setting, add the hostname to the allowed hosts.
-
-
-
-

config_properties_resilient - Connector request properties for a IBM Resilient connector Up

-
Defines properties for connectors when type is .resilient.
-
-
apiUrl
String The IBM Resilient instance URL.
-
orgId
String The IBM Resilient organization ID.
-
-
-
-

config_properties_servicenow - Connector request properties for a ServiceNow ITSM connector Up

-
Defines properties for connectors when type is .servicenow.
-
-
apiUrl
String The ServiceNow instance URL.
-
clientId (optional)
String The client ID assigned to your OAuth application. This property is required when isOAuth is true.
-
isOAuth (optional)
Boolean The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
-
jwtKeyId (optional)
String The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when isOAuth is true.
-
userIdentifierValue (optional)
String The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is Email, the user identifier should be the user's email address. This property is required when isOAuth is true.
-
usesTableApi (optional)
Boolean Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to false, the Elastic application should be installed in ServiceNow.
-
-
-
-

config_properties_servicenow_itom - Connector request properties for a ServiceNow ITSM connector Up

-
Defines properties for connectors when type is .servicenow.
-
-
apiUrl
String The ServiceNow instance URL.
-
clientId (optional)
String The client ID assigned to your OAuth application. This property is required when isOAuth is true.
-
isOAuth (optional)
Boolean The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
-
jwtKeyId (optional)
String The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when isOAuth is true.
-
userIdentifierValue (optional)
String The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is Email, the user identifier should be the user's email address. This property is required when isOAuth is true.
-
-
-
-

config_properties_swimlane - Connector request properties for a Swimlane connector Up

-
Defines properties for connectors when type is .swimlane.
-
-
apiUrl
String The Swimlane instance URL.
-
appId
String The Swimlane application ID.
-
connectorType
String The type of connector. Valid values are all, alerts, and cases.
-
Enum:
-
all
alerts
cases
-
mappings (optional)
-
-
-
-

connector_response_properties - Connector response properties Up

-
The properties vary depending on the connector type.
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .xmatters.
-
connector_type_id
String The type of connector.
-
Enum:
-
.xmatters
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_cases_webhook - Connector request properties for a Webhook - Case Management connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.cases-webhook
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_email - Connector response properties for an email connector Up

-
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .email.
-
connector_type_id
String The type of connector.
-
Enum:
-
.email
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_index - Connector response properties for an index connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.index
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_jira - Connector response properties for a Jira connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.jira
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_opsgenie - Connector response properties for an Opsgenie connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.opsgenie
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_pagerduty - Connector response properties for a PagerDuty connector Up

-
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .pagerduty.
-
connector_type_id
String The type of connector.
-
Enum:
-
.pagerduty
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_resilient - Connector response properties for a IBM Resilient connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.resilient
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_serverlog - Connector response properties for a server log connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.server-log
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_servicenow - Connector response properties for a ServiceNow ITSM connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_servicenow_itom - Connector response properties for a ServiceNow ITOM connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow-itom
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_servicenow_sir - Connector response properties for a ServiceNow SecOps connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow-sir
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_slack - Connector response properties for a Slack connector Up

-
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.slack
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_swimlane - Connector response properties for a Swimlane connector Up

-
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.swimlane
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_teams - Connector response properties for a Microsoft Teams connector Up

-
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.teams
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_tines - Connector response properties for a Tines connector Up

-
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .tines.
-
connector_type_id
String The type of connector.
-
Enum:
-
.tines
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_webhook - Connector response properties for a Webhook connector Up

-
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .webhook.
-
connector_type_id
String The type of connector.
-
Enum:
-
.webhook
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_response_properties_xmatters - Connector response properties for an xMatters connector Up

-
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .xmatters.
-
connector_type_id
String The type of connector.
-
Enum:
-
.xmatters
-
id
String The identifier for the connector.
-
is_deprecated
Boolean Indicates whether the connector type is deprecated.
-
is_missing_secrets (optional)
Boolean Indicates whether secrets are missing for the connector. Secrets configuration properties vary depending on the connector type.
-
is_preconfigured
Boolean Indicates whether it is a preconfigured connector. If true, the config and is_missing_secrets properties are omitted from the response.
-
name
String The display name for the connector.
-
-
-
-

connector_types - Connector types Up

-
The type of connector. For example, .email, .index, .jira, .opsgenie, or .server-log.
-
-
-
-
-

create_connector_request_cases_webhook - Create Webhook - Case Managment connector request Up

-
The Webhook - Case Management connector uses axios to send POST, PUT, and GET requests to a case management RESTful API web service.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.cases-webhook
-
name
String The display name for the connector.
-
secrets (optional)
-
-
-
-

create_connector_request_email - Create email connector request Up

-
The email connector uses the SMTP protocol to send mail messages, using an integration of Nodemailer. An exception is Microsoft Exchange, which uses HTTP protocol for sending emails, Send mail. Email message text is sent as both plain text and html text.
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .email.
-
connector_type_id
String The type of connector.
-
Enum:
-
.email
-
name
String The display name for the connector.
-
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is .email.
-
-
-
-

create_connector_request_index - Create index connector request Up

-
The index connector indexes a document into Elasticsearch.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.index
-
name
String The display name for the connector.
-
-
-
-

create_connector_request_jira - Create Jira connector request Up

-
The Jira connector uses the REST API v2 to create Jira issues.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.jira
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_opsgenie - Create Opsgenie connector request Up

-
The Opsgenie connector uses the Opsgenie alert API.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.opsgenie
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_pagerduty - Create PagerDuty connector request Up

-
The PagerDuty connector uses the v2 Events API to trigger, acknowledge, and resolve PagerDuty alerts.
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .pagerduty.
-
connector_type_id
String The type of connector.
-
Enum:
-
.pagerduty
-
name
String The display name for the connector.
-
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is .pagerduty.
-
-
-
-

create_connector_request_resilient - Create IBM Resilient connector request Up

-
The IBM Resilient connector uses the RESILIENT REST v2 to create IBM Resilient incidents.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.resilient
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_serverlog - Create server log connector request Up

-
This connector writes an entry to the Kibana server log.
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.server-log
-
name
String The display name for the connector.
-
-
-
-

create_connector_request_servicenow - Create ServiceNow ITSM connector request Up

-
The ServiceNow ITSM connector uses the import set API to create ServiceNow incidents. You can use the connector for rule actions and cases.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_servicenow_itom - Create ServiceNow ITOM connector request Up

-
The ServiceNow ITOM connector uses the event API to create ServiceNow events. You can use the connector for rule actions.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow-itom
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_servicenow_sir - Create ServiceNow SecOps connector request Up

-
The ServiceNow SecOps connector uses the import set API to create ServiceNow security incidents. You can use the connector for rule actions and cases.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.servicenow-sir
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_slack - Create Slack connector request Up

-
The Slack connector uses Slack Incoming Webhooks.
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.slack
-
name
String The display name for the connector.
-
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is .slack.
-
-
-
-

create_connector_request_swimlane - Create Swimlane connector request Up

-
The Swimlane connector uses the Swimlane REST API to create Swimlane records.
-
-
config
-
connector_type_id
String The type of connector.
-
Enum:
-
.swimlane
-
name
String The display name for the connector.
-
secrets
-
-
-
-

create_connector_request_teams - Create Microsoft Teams connector request Up

-
The Microsoft Teams connector uses Incoming Webhooks.
-
-
connector_type_id
String The type of connector.
-
Enum:
-
.teams
-
name
String The display name for the connector.
-
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is .teams.
-
-
-
-

create_connector_request_tines - Create Tines connector request Up

-
The Tines connector uses Tines Webhook actions to send events via POST request.
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .tines.
-
connector_type_id
String The type of connector.
-
Enum:
-
.tines
-
name
String The display name for the connector.
-
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is .tines.
-
-
-
-

create_connector_request_webhook - Create Webhook connector request Up

-
The Webhook connector uses axios to send a POST or PUT request to a web service.
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .webhook.
-
connector_type_id
String The type of connector.
-
Enum:
-
.webhook
-
name
String The display name for the connector.
-
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is .webhook.
-
-
-
-

create_connector_request_xmatters - Create xMatters connector request Up

-
The xMatters connector uses the xMatters Workflow for Elastic to send actionable alerts to on-call xMatters resources.
-
-
config
map[String, oas_any_type_not_mapped] Defines properties for connectors when type is .xmatters.
-
connector_type_id
String The type of connector.
-
Enum:
-
.xmatters
-
name
String The display name for the connector.
-
secrets
map[String, oas_any_type_not_mapped] Defines secrets for connectors when type is .xmatters.
-
-
-
-

features - Up

-
The feature that uses the connector. Valid values are alerting, cases, uptime, and siem.
-
-
-
-
-

getConnector_404_response - Up

-
-
-
error (optional)
-
message (optional)
-
statusCode (optional)
-
-
-
-

legacyRunConnector_200_response - Up

-
-
-
actionId (optional)
-
data (optional)
-
status (optional)
String The status of the action.
-
-
-
-

runConnector_200_response - Up

-
-
-
connector_id
String The identifier for the connector.
-
data (optional)
-
status
String The status of the action.
-
Enum:
-
error
ok
-
-
- -
-

run_connector_params_documents - Index connector parameters Up

-
Test an action that indexes a document into Elasticsearch.
-
-
documents
array[map[String, oas_any_type_not_mapped]] The documents in JSON format for index connectors.
-
-
-
-

run_connector_params_level_message - Server log connector parameters Up

-
Test an action that writes an entry to the Kibana server log.
-
-
level (optional)
String The log level of the message for server log connectors.
-
Enum:
-
debug
error
fatal
info
trace
warn
-
message
String The message for server log connectors.
-
-
-
-

run_connector_subaction_addevent - The addEvent subaction Up

-
The addEvent subaction for ServiceNow ITOM connectors.
-
-
subAction
String The action to test.
-
Enum:
-
addEvent
-
subActionParams (optional)
-
-
-
-

run_connector_subaction_addevent_subActionParams - Up

-
The set of configuration properties for the action.
-
-
additional_info (optional)
String Additional information about the event.
-
description (optional)
String The details about the event.
-
event_class (optional)
String A specific instance of the source.
-
message_key (optional)
String All actions sharing this key are associated with the same ServiceNow alert. The default value is <rule ID>:<alert instance ID>.
-
metric_name (optional)
String The name of the metric.
-
node (optional)
String The host that the event was triggered for.
-
resource (optional)
String The name of the resource.
-
severity (optional)
String The severity of the event.
-
source (optional)
String The name of the event source type.
-
time_of_event (optional)
String The time of the event.
-
type (optional)
String The type of event.
-
-
-
-

run_connector_subaction_closealert - The closeAlert subaction Up

-
The closeAlert subaction for Opsgenie connectors.
-
-
subAction
String The action to test.
-
Enum:
-
closeAlert
-
subActionParams
-
-
-
-

run_connector_subaction_closealert_subActionParams - Up

-
-
-
alias
String The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
-
note (optional)
String Additional information for the alert.
-
source (optional)
String The display name for the source of the alert.
-
user (optional)
String The display name for the owner.
-
-
-
-

run_connector_subaction_createalert - The createAlert subaction Up

-
The createAlert subaction for Opsgenie connectors.
-
-
subAction
String The action to test.
-
Enum:
-
createAlert
-
subActionParams
-
-
-
-

run_connector_subaction_createalert_subActionParams - Up

-
-
-
actions (optional)
array[String] The custom actions available to the alert.
-
alias (optional)
String The unique identifier used for alert deduplication in Opsgenie.
-
description (optional)
String A description that provides detailed information about the alert.
-
details (optional)
map[String, oas_any_type_not_mapped] The custom properties of the alert.
-
entity (optional)
String The domain of the alert. For example, the application or server name.
-
message
String The alert message.
-
note (optional)
String Additional information for the alert.
-
priority (optional)
String The priority level for the alert.
-
Enum:
-
P1
P2
P3
P4
P5
-
responders (optional)
array[run_connector_subaction_createalert_subActionParams_responders_inner] The entities to receive notifications about the alert. If type is user, either id or username is required. If type is team, either id or name is required.
-
source (optional)
String The display name for the source of the alert.
-
tags (optional)
array[String] The tags for the alert.
-
user (optional)
String The display name for the owner.
-
visibleTo (optional)
array[run_connector_subaction_createalert_subActionParams_visibleTo_inner] The teams and users that the alert will be visible to without sending a notification. Only one of id, name, or username is required.
-
-
-
-

run_connector_subaction_createalert_subActionParams_responders_inner - Up

-
-
-
id (optional)
String The identifier for the entity.
-
name (optional)
String The name of the entity.
-
type (optional)
String The type of responders, in this case escalation.
-
Enum:
-
escalation
schedule
team
user
-
username (optional)
String A valid email address for the user.
-
-
-
-

run_connector_subaction_createalert_subActionParams_visibleTo_inner - Up

-
-
-
id (optional)
String The identifier for the entity.
-
name (optional)
String The name of the entity.
-
type
String Valid values are team and user.
-
Enum:
-
team
user
-
username (optional)
String The user name. This property is required only when the type is user.
-
-
-
-

run_connector_subaction_fieldsbyissuetype - The fieldsByIssueType subaction Up

-
The fieldsByIssueType subaction for Jira connectors.
-
-
subAction
String The action to test.
-
Enum:
-
fieldsByIssueType
-
subActionParams
-
-
-
-

run_connector_subaction_fieldsbyissuetype_subActionParams - Up

-
-
-
id
String The Jira issue type identifier.
-
-
-
-

run_connector_subaction_getchoices - The getChoices subaction Up

-
The getChoices subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.
-
-
subAction
String The action to test.
-
Enum:
-
getChoices
-
subActionParams
-
-
-
-

run_connector_subaction_getchoices_subActionParams - Up

-
The set of configuration properties for the action.
-
-
fields
array[String] An array of fields.
-
-
-
-

run_connector_subaction_getfields - The getFields subaction Up

-
The getFields subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
-
-
subAction
String The action to test.
-
Enum:
-
getFields
-
-
-
-

run_connector_subaction_getincident - The getIncident subaction Up

-
The getIncident subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
-
-
subAction
String The action to test.
-
Enum:
-
getIncident
-
subActionParams
-
-
-
-

run_connector_subaction_getincident_subActionParams - Up

-
-
-
externalId
String The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.
-
-
-
-

run_connector_subaction_issue - The issue subaction Up

-
The issue subaction for Jira connectors.
-
-
subAction
String The action to test.
-
Enum:
-
issue
-
subActionParams (optional)
-
-
-
-

run_connector_subaction_issue_subActionParams - Up

-
-
-
id
String The Jira issue identifier.
-
-
-
-

run_connector_subaction_issues - The issues subaction Up

-
The issues subaction for Jira connectors.
-
-
subAction
String The action to test.
-
Enum:
-
issues
-
subActionParams
-
-
-
-

run_connector_subaction_issues_subActionParams - Up

-
-
-
title
String The title of the Jira issue.
-
-
-
-

run_connector_subaction_issuetypes - The issueTypes subaction Up

-
The issueTypes subaction for Jira connectors.
-
-
subAction
String The action to test.
-
Enum:
-
issueTypes
-
-
-
-

run_connector_subaction_pushtoservice - The pushToService subaction Up

-
The pushToService subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
-
-
subAction
String The action to test.
-
Enum:
-
pushToService
-
subActionParams
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams - Up

-
The set of configuration properties for the action.
-
-
comments (optional)
array[run_connector_subaction_pushtoservice_subActionParams_comments_inner] Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, or Swimlane.
-
incident (optional)
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_comments_inner - Up

-
-
-
comment (optional)
String A comment related to the incident. For example, describe how to troubleshoot the issue.
-
commentId (optional)
Integer A unique identifier for the comment.
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_incident - Up

-
Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, or Swimlane incident.
-
-
alertId (optional)
String The alert identifier for Swimlane connectors.
-
caseId (optional)
String The case identifier for the incident for Swimlane connectors.
-
caseName (optional)
String The case name for the incident for Swimlane connectors.
-
category (optional)
String The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
-
correlation_display (optional)
String A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors.
-
correlation_id (optional)
String The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as {{ruleID}}:{{alert ID}} to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of {{ruleID}}:{{alert ID}} ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
-
description (optional)
String The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, and Swimlane connectors.
-
dest_ip (optional)
-
externalId (optional)
String The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
-
impact (optional)
String The impact of the incident for ServiceNow ITSM connectors.
-
issueType (optional)
Integer The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set subAction to issueTypes.
-
labels (optional)
array[String] The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.
-
malware_hash (optional)
-
malware_url (optional)
-
parent (optional)
String The ID or key of the parent issue for Jira connectors. Applies only to Sub-task types of issues.
-
priority (optional)
String The priority of the incident in Jira and ServiceNow SecOps connectors.
-
ruleName (optional)
String The rule name for Swimlane connectors.
-
severity (optional)
String The severity of the incident for ServiceNow ITSM and Swimlane connectors.
-
short_description (optional)
String A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.
-
source_ip (optional)
-
subcategory (optional)
String The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
-
summary (optional)
String A summary of the incident for Jira connectors.
-
title (optional)
String A title for the incident for Jira connectors. It is used for searching the contents of the knowledge base.
-
urgency (optional)
String The urgency of the incident for ServiceNow ITSM connectors.
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_incident_dest_ip - Up

-
A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
-
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_incident_malware_hash - Up

-
A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.
-
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_incident_malware_url - Up

-
A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.
-
-
-
-
-

run_connector_subaction_pushtoservice_subActionParams_incident_source_ip - Up

-
A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
-
-
-
-
-

secrets_properties_cases_webhook - Connector secrets properties for Webhook - Case Management connector Up

-
-
-
password (optional)
String The password for HTTP basic authentication. If hasAuth is set to true, this property is required.
-
user (optional)
String The username for HTTP basic authentication. If hasAuth is set to true, this property is required.
-
-
-
-

secrets_properties_jira - Connector secrets properties for a Jira connector Up

-
Defines secrets for connectors when type is .jira.
-
-
apiToken
String The Jira API authentication token for HTTP basic authentication.
-
email
String The account email for HTTP Basic authentication.
-
-
-
-

secrets_properties_opsgenie - Connector secrets properties for an Opsgenie connector Up

-
Defines secrets for connectors when type is .opsgenie.
-
-
apiKey
String The Opsgenie API authentication key for HTTP Basic authentication.
-
-
-
-

secrets_properties_resilient - Connector secrets properties for IBM Resilient connector Up

-
Defines secrets for connectors when type is .resilient.
-
-
apiKeyId
String The authentication key ID for HTTP Basic authentication.
-
apiKeySecret
String The authentication key secret for HTTP Basic authentication.
-
-
-
-

secrets_properties_servicenow - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors Up

-
Defines secrets for connectors when type is .servicenow, .servicenow-sir, or .servicenow-itom.
-
-
clientSecret (optional)
String The client secret assigned to your OAuth application. This property is required when isOAuth is true.
-
password (optional)
String The password for HTTP basic authentication. This property is required when isOAuth is false.
-
privateKey (optional)
String The RSA private key that you created for use in ServiceNow. This property is required when isOAuth is true.
-
privateKeyPassword (optional)
String The password for the RSA private key. This property is required when isOAuth is true and you set a password on your private key.
-
username (optional)
String The username for HTTP basic authentication. This property is required when isOAuth is false.
-
-
-
-

secrets_properties_swimlane - Connector secrets properties for a Swimlane connector Up

-
Defines secrets for connectors when type is .swimlane.
-
-
apiToken (optional)
String Swimlane API authentication token.
-
-
-
-

updateConnector_400_response - Up

-
-
-
error (optional)
-
message (optional)
-
statusCode (optional)
-
-
- -
-

update_connector_request_index - Update index connector request Up

-
-
-
config
-
name
String The display name for the connector.
-
-
-
-

update_connector_request_jira - Update Jira connector request Up

-
-
-
config
-
name
String The display name for the connector.
-
secrets
-
-
- - -
-

update_connector_request_serverlog - Update server log connector request Up

-
-
-
name
String The display name for the connector.
-
-
- - - -
-++++ diff --git a/docs/api-generated/connectors/connector-apis.asciidoc b/docs/api-generated/connectors/connector-apis.asciidoc deleted file mode 100644 index d35bad3d3d633..0000000000000 --- a/docs/api-generated/connectors/connector-apis.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[[connector-apis]] -== Connector APIs - -preview::[] - -//// -This file includes content that has been generated from https://github.com/elastic/kibana/tree/main/x-pack/plugins/actions/docs/openapi. Any modifications required must be done in that open API specification. -//// - -include::connector-apis-passthru.asciidoc[] \ No newline at end of file diff --git a/docs/api-generated/machine-learning/ml-apis-passthru.asciidoc b/docs/api-generated/machine-learning/ml-apis-passthru.asciidoc deleted file mode 100644 index 116ddbe0d7273..0000000000000 --- a/docs/api-generated/machine-learning/ml-apis-passthru.asciidoc +++ /dev/null @@ -1,205 +0,0 @@ -//// -This content is generated from the open API specification. -Any modifications made to this file will be overwritten. -//// - -++++ -
-

Access

-
    -
  1. APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
  2. -
  3. HTTP Basic Authentication
  4. -
- -

Methods

- [ Jump to Models ] - -

Table of Contents

-
-

Ml

- - -

Ml

-
-
- Up -
get /s/{spaceId}/api/ml/saved_objects/sync
-
Synchronizes Kibana saved objects for machine learning jobs and trained models. (mlSync)
-
You must have all privileges for the Machine Learning feature in the Analytics section of the Kibana feature privileges. This API runs automatically when you start Kibana and periodically thereafter.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
simulate (optional)
- -
Query Parameter — When true, simulates the synchronization by returning only the list of actions that would be performed. default: null
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "datafeedsAdded" : {
-    "key" : {
-      "success" : true
-    }
-  },
-  "savedObjectsCreated" : {
-    "anomaly-detector" : {
-      "key" : {
-        "success" : true
-      }
-    },
-    "data-frame-analytics" : {
-      "key" : {
-        "success" : true
-      }
-    },
-    "trained-model" : {
-      "key" : {
-        "success" : true
-      }
-    }
-  },
-  "savedObjectsDeleted" : {
-    "anomaly-detector" : {
-      "key" : {
-        "success" : true
-      }
-    },
-    "data-frame-analytics" : {
-      "key" : {
-        "success" : true
-      }
-    },
-    "trained-model" : {
-      "key" : {
-        "success" : true
-      }
-    }
-  },
-  "datafeedsRemoved" : {
-    "key" : {
-      "success" : true
-    }
-  }
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call - mlSync200Response -

401

- Authorization information is missing or invalid. - mlSync4xxResponse -
-
- -

Models

- [ Jump to Methods ] - -

Table of Contents

-
    -
  1. mlSync200Response - Successful sync API response
  2. -
  3. mlSync4xxResponse - Unsuccessful sync API response
  4. -
  5. mlSyncResponseAnomalyDetectors - Sync API response for anomaly detection jobs
  6. -
  7. mlSyncResponseDataFrameAnalytics - Sync API response for data frame analytics jobs
  8. -
  9. mlSyncResponseDatafeeds - Sync API response for datafeeds
  10. -
  11. mlSyncResponseSavedObjectsCreated - Sync API response for created saved objects
  12. -
  13. mlSyncResponseSavedObjectsDeleted - Sync API response for deleted saved objects
  14. -
  15. mlSyncResponseTrainedModels - Sync API response for trained models
  16. -
- -
-

mlSync200Response - Successful sync API response Up

-
-
-
datafeedsAdded (optional)
map[String, mlSyncResponseDatafeeds] If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API.
-
datafeedsRemoved (optional)
map[String, mlSyncResponseDatafeeds] If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API.
-
savedObjectsCreated (optional)
-
savedObjectsDeleted (optional)
-
-
-
-

mlSync4xxResponse - Unsuccessful sync API response Up

-
-
-
error (optional)
-
message (optional)
-
statusCode (optional)
-
-
-
-

mlSyncResponseAnomalyDetectors - Sync API response for anomaly detection jobs Up

-
The sync machine learning saved objects API response contains this object when there are anomaly detection jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status.
-
-
success (optional)
Boolean The success or failure of the synchronization.
-
-
-
-

mlSyncResponseDataFrameAnalytics - Sync API response for data frame analytics jobs Up

-
The sync machine learning saved objects API response contains this object when there are data frame analytics jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status.
-
-
success (optional)
Boolean The success or failure of the synchronization.
-
-
-
-

mlSyncResponseDatafeeds - Sync API response for datafeeds Up

-
The sync machine learning saved objects API response contains this object when there are datafeeds affected by the synchronization. There is an object for each relevant datafeed, which contains the synchronization status.
-
-
success (optional)
Boolean The success or failure of the synchronization.
-
-
-
-

mlSyncResponseSavedObjectsCreated - Sync API response for created saved objects Up

-
If saved objects are missing for machine learning jobs or trained models, they are created when you run the sync machine learning saved objects API.
-
-
anomalyMinusdetector (optional)
map[String, mlSyncResponseAnomalyDetectors] If saved objects are missing for anomaly detection jobs, they are created.
-
dataMinusframeMinusanalytics (optional)
map[String, mlSyncResponseDataFrameAnalytics] If saved objects are missing for data frame analytics jobs, they are created.
-
trainedMinusmodel (optional)
map[String, mlSyncResponseTrainedModels] If saved objects are missing for trained models, they are created.
-
-
-
-

mlSyncResponseSavedObjectsDeleted - Sync API response for deleted saved objects Up

-
If saved objects exist for machine learning jobs or trained models that no longer exist, they are deleted when you run the sync machine learning saved objects API.
-
-
anomalyMinusdetector (optional)
map[String, mlSyncResponseAnomalyDetectors] If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted.
-
dataMinusframeMinusanalytics (optional)
map[String, mlSyncResponseDataFrameAnalytics] If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted.
-
trainedMinusmodel (optional)
map[String, mlSyncResponseTrainedModels] If there are saved objects exist for nonexistent trained models, they are deleted.
-
-
-
-

mlSyncResponseTrainedModels - Sync API response for trained models Up

-
The sync machine learning saved objects API response contains this object when there are trained models affected by the synchronization. There is an object for each relevant trained model, which contains the synchronization status.
-
-
success (optional)
Boolean The success or failure of the synchronization.
-
-
-
-++++ diff --git a/docs/api-generated/machine-learning/ml-apis.asciidoc b/docs/api-generated/machine-learning/ml-apis.asciidoc deleted file mode 100644 index 2d87d72616a75..0000000000000 --- a/docs/api-generated/machine-learning/ml-apis.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[[machine-learning-apis]] -== Machine learning APIs - -preview::[] - -//// -This file includes content that has been generated from https://github.com/elastic/kibana/tree/main/x-pack/plugins/ml/common/openapi. Any modifications required must be done in that open API specification. -//// - -include::ml-apis-passthru.asciidoc[] \ No newline at end of file diff --git a/docs/api-generated/rules/rule-apis-passthru.asciidoc b/docs/api-generated/rules/rule-apis-passthru.asciidoc deleted file mode 100644 index 0626e0e43a8bd..0000000000000 --- a/docs/api-generated/rules/rule-apis-passthru.asciidoc +++ /dev/null @@ -1,2601 +0,0 @@ -//// -This content is generated from the open API specification. -Any modifications made to this file will be overwritten. -//// - -++++ -
-

Access

-
    -
  1. APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true
  2. -
  3. HTTP Basic Authentication
  4. -
- -

Methods

- [ Jump to Models ] - -

Table of Contents

-
-

Alerting

- - -

Alerting

-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}
-
Creates a rule. (createRule)
-
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule you're creating. For example, you must have privileges for the Management > Stack rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature. NOTE: This API supports only token-based authentication. When you create a rule, it identifies which roles you have at that point in time. Thereafter, when the rule performs queries, it uses those security privileges. If a user with different privileges updates the rule, its behavior might change.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
ruleId (required)
- -
Path Parameter — An UUID v1 or v4 identifier for the rule. If you omit this parameter, an identifier is randomly generated. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
create_rule_request create_rule_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "throttle" : "10m",
-  "created_at" : "2022-12-05T23:36:58.284Z",
-  "last_run" : {
-    "alerts_count" : {
-      "ignored" : 6,
-      "new" : 1,
-      "recovered" : 5,
-      "active" : 0
-    },
-    "outcome_msg" : "outcome_msg",
-    "warning" : "warning",
-    "outcome" : "succeeded"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "created_by" : "elastic",
-  "enabled" : true,
-  "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-  "rule_type_id" : "monitoring_alert_cluster_health",
-  "tags" : [ "tags", "tags" ],
-  "api_key_owner" : "elastic",
-  "schedule" : {
-    "interval" : "1m"
-  },
-  "notify_when" : "onActiveAlert",
-  "next_run" : "2022-12-06T00:14:43.818Z",
-  "updated_at" : "2022-12-05T23:36:58.284Z",
-  "execution_status" : {
-    "last_execution_date" : "2022-12-06T00:13:43.89Z",
-    "last_duration" : 55,
-    "status" : "ok"
-  },
-  "name" : "cluster_health_rule",
-  "updated_by" : "elastic",
-  "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "mute_all" : false,
-  "actions" : [ {
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "group" : "default"
-  }, {
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "group" : "default"
-  } ],
-  "consumer" : "alerts"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - rule_response_properties -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
-
-
- Up -
delete /s/{spaceId}/api/alerting/rule/{ruleId}
-
Deletes a rule. (deleteRule)
-
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule you're deleting. For example, the Management > Stack Rules feature, Analytics > Discover or Machine Learning features, Observability, or Security features. WARNING: After you delete a rule, you cannot recover it.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/_disable
-
Disables a rule. (disableRule)
-
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/_enable
-
Enables a rule. (enableRule)
-
This API supports token-based authentication only. You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerting/rules/_find
-
Retrieves information about rules. (findRules)
-
You must have read privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rules you're seeking. For example, you must have privileges for the Management > Stack rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. To find rules associated with the Stack Monitoring feature, use the monitoring_user built-in role.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
default_search_operator (optional)
- -
Query Parameter — The default operator to use for the simple_query_string. default: OR
fields (optional)
- -
Query Parameter — The fields to return in the attributes key of the response. default: null
filter (optional)
- -
Query Parameter — A KQL string that you filter with an attribute from your saved object. It should look like savedObjectType.attributes.title: "myTitle". However, if you used a direct attribute of a saved object, such as updatedAt, you must define your filter, for example, savedObjectType.updatedAt > 2018-12-22. default: null
has_reference (optional)
- -
Query Parameter — Filters the rules that have a relation with the reference objects with a specific type and identifier. default: null
page (optional)
- -
Query Parameter — The page number to return. default: 1
per_page (optional)
- -
Query Parameter — The number of rules to return per page. default: 20
search (optional)
- -
Query Parameter — An Elasticsearch simple_query_string query that filters the objects in the response. default: null
search_fields (optional)
- -
Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
sort_field (optional)
- -
Query Parameter — Determines which field is used to sort the results. The field must exist in the attributes key of the response. default: null
sort_order (optional)
- -
Query Parameter — Determines the sort order. default: desc
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "per_page" : 6,
-  "total" : 1,
-  "data" : [ {
-    "throttle" : "10m",
-    "created_at" : "2022-12-05T23:36:58.284Z",
-    "last_run" : {
-      "alerts_count" : {
-        "ignored" : 6,
-        "new" : 1,
-        "recovered" : 5,
-        "active" : 0
-      },
-      "outcome_msg" : "outcome_msg",
-      "warning" : "warning",
-      "outcome" : "succeeded"
-    },
-    "params" : {
-      "key" : ""
-    },
-    "created_by" : "elastic",
-    "enabled" : true,
-    "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-    "rule_type_id" : "monitoring_alert_cluster_health",
-    "tags" : [ "tags", "tags" ],
-    "api_key_owner" : "elastic",
-    "schedule" : {
-      "interval" : "1m"
-    },
-    "notify_when" : "onActiveAlert",
-    "next_run" : "2022-12-06T00:14:43.818Z",
-    "updated_at" : "2022-12-05T23:36:58.284Z",
-    "execution_status" : {
-      "last_execution_date" : "2022-12-06T00:13:43.89Z",
-      "last_duration" : 55,
-      "status" : "ok"
-    },
-    "name" : "cluster_health_rule",
-    "updated_by" : "elastic",
-    "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "mute_all" : false,
-    "actions" : [ {
-      "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-      "params" : {
-        "key" : ""
-      },
-      "group" : "default"
-    }, {
-      "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-      "params" : {
-        "key" : ""
-      },
-      "group" : "default"
-    } ],
-    "consumer" : "alerts"
-  }, {
-    "throttle" : "10m",
-    "created_at" : "2022-12-05T23:36:58.284Z",
-    "last_run" : {
-      "alerts_count" : {
-        "ignored" : 6,
-        "new" : 1,
-        "recovered" : 5,
-        "active" : 0
-      },
-      "outcome_msg" : "outcome_msg",
-      "warning" : "warning",
-      "outcome" : "succeeded"
-    },
-    "params" : {
-      "key" : ""
-    },
-    "created_by" : "elastic",
-    "enabled" : true,
-    "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-    "rule_type_id" : "monitoring_alert_cluster_health",
-    "tags" : [ "tags", "tags" ],
-    "api_key_owner" : "elastic",
-    "schedule" : {
-      "interval" : "1m"
-    },
-    "notify_when" : "onActiveAlert",
-    "next_run" : "2022-12-06T00:14:43.818Z",
-    "updated_at" : "2022-12-05T23:36:58.284Z",
-    "execution_status" : {
-      "last_execution_date" : "2022-12-06T00:13:43.89Z",
-      "last_duration" : 55,
-      "status" : "ok"
-    },
-    "name" : "cluster_health_rule",
-    "updated_by" : "elastic",
-    "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "mute_all" : false,
-    "actions" : [ {
-      "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-      "params" : {
-        "key" : ""
-      },
-      "group" : "default"
-    }, {
-      "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-      "params" : {
-        "key" : ""
-      },
-      "group" : "default"
-    } ],
-    "consumer" : "alerts"
-  } ],
-  "page" : 0
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - findRules_200_response -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerting/_health
-
Retrieves the health status of the alerting framework. (getAlertingHealth)
-
You must have read privileges for the Management > Stack Rules feature or for at least one of the Analytics > Discover, Analytics > Machine Learning, Observability, or Security features.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "alerting_framework_health" : {
-    "execution_health" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    },
-    "read_health" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    },
-    "decryption_health" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    }
-  },
-  "alerting_framework_heath" : {
-    "_deprecated" : "This state property has a typo, use \"alerting_framework_health\" instead.",
-    "execution_health" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    },
-    "read_health" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    },
-    "decryption_health" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    }
-  },
-  "has_permanent_encryption_key" : true,
-  "is_sufficiently_secure" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - getAlertingHealth_200_response -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerting/rule/{ruleId}
-
Retrieves a rule by its identifier. (getRule)
-
You must have read privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rules you're seeking. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. To get rules associated with the Stack Monitoring feature, use the monitoring_user built-in role.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "throttle" : "10m",
-  "created_at" : "2022-12-05T23:36:58.284Z",
-  "last_run" : {
-    "alerts_count" : {
-      "ignored" : 6,
-      "new" : 1,
-      "recovered" : 5,
-      "active" : 0
-    },
-    "outcome_msg" : "outcome_msg",
-    "warning" : "warning",
-    "outcome" : "succeeded"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "created_by" : "elastic",
-  "enabled" : true,
-  "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-  "rule_type_id" : "monitoring_alert_cluster_health",
-  "tags" : [ "tags", "tags" ],
-  "api_key_owner" : "elastic",
-  "schedule" : {
-    "interval" : "1m"
-  },
-  "notify_when" : "onActiveAlert",
-  "next_run" : "2022-12-06T00:14:43.818Z",
-  "updated_at" : "2022-12-05T23:36:58.284Z",
-  "execution_status" : {
-    "last_execution_date" : "2022-12-06T00:13:43.89Z",
-    "last_duration" : 55,
-    "status" : "ok"
-  },
-  "name" : "cluster_health_rule",
-  "updated_by" : "elastic",
-  "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "mute_all" : false,
-  "actions" : [ {
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "group" : "default"
-  }, {
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "group" : "default"
-  } ],
-  "consumer" : "alerts"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - rule_response_properties -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerting/rule_types
-
Retrieves a list of rule types. (getRuleTypes)
-
If you have read privileges for one or more Kibana features, the API response contains information about the appropriate rule types. For example, there are rule types associated with the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability features, and Security features. To get rule types associated with the Stack Monitoring feature, use the monitoring_user built-in role.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "recovery_action_group" : {
-    "name" : "name",
-    "id" : "id"
-  },
-  "does_set_recovery_context" : true,
-  "is_exportable" : true,
-  "authorized_consumers" : {
-    "alerts" : {
-      "all" : true,
-      "read" : true
-    },
-    "discover" : {
-      "all" : true,
-      "read" : true
-    },
-    "stackAlerts" : {
-      "all" : true,
-      "read" : true
-    },
-    "infrastructure" : {
-      "all" : true,
-      "read" : true
-    },
-    "siem" : {
-      "all" : true,
-      "read" : true
-    },
-    "monitoring" : {
-      "all" : true,
-      "read" : true
-    },
-    "logs" : {
-      "all" : true,
-      "read" : true
-    },
-    "apm" : {
-      "all" : true,
-      "read" : true
-    },
-    "ml" : {
-      "all" : true,
-      "read" : true
-    },
-    "uptime" : {
-      "all" : true,
-      "read" : true
-    }
-  },
-  "action_groups" : [ {
-    "name" : "name",
-    "id" : "id"
-  }, {
-    "name" : "name",
-    "id" : "id"
-  } ],
-  "minimum_license_required" : "basic",
-  "action_variables" : {
-    "context" : [ {
-      "name" : "name",
-      "description" : "description",
-      "useWithTripleBracesInTemplates" : true
-    }, {
-      "name" : "name",
-      "description" : "description",
-      "useWithTripleBracesInTemplates" : true
-    } ],
-    "state" : [ {
-      "name" : "name",
-      "description" : "description"
-    }, {
-      "name" : "name",
-      "description" : "description"
-    } ],
-    "params" : [ {
-      "name" : "name",
-      "description" : "description"
-    }, {
-      "name" : "name",
-      "description" : "description"
-    } ]
-  },
-  "rule_task_timeout" : "5m",
-  "name" : "name",
-  "enabled_in_license" : true,
-  "producer" : "stackAlerts",
-  "id" : "id",
-  "default_action_group_id" : "default_action_group_id"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}
-
Create an alert. (legacyCreateAlert)
-
Deprecated in 7.13.0. Use the create rule API instead.
- -

Path parameters

-
-
alertId (required)
- -
Path Parameter — An UUID v1 or v4 identifier for the alert. If this parameter is omitted, the identifier is randomly generated. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Legacy_create_alert_request_properties Legacy_create_alert_request_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "alertTypeId" : ".index-threshold",
-  "throttle" : "throttle",
-  "updatedBy" : "elastic",
-  "executionStatus" : {
-    "lastExecutionDate" : "2022-12-06T00:13:43.89Z",
-    "status" : "ok"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "enabled" : true,
-  "mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
-  "tags" : [ "tags", "tags" ],
-  "createdAt" : "2022-12-05T23:36:58.284Z",
-  "schedule" : {
-    "interval" : "interval"
-  },
-  "notifyWhen" : "onActionGroupChange",
-  "createdBy" : "elastic",
-  "muteAll" : false,
-  "name" : "my alert",
-  "scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "actions" : [ "{}", "{}" ],
-  "apiKeyOwner" : "elastic",
-  "updatedAt" : "2022-12-05T23:36:58.284Z"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - alert_response_properties -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/_disable
-
Disables an alert. (legacyDisableAlert)
-
Deprecated in 7.13.0. Use the disable rule API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/_enable
-
Enables an alert. (legacyEnableAlert)
-
Deprecated in 7.13.0. Use the enable rule API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerts/alerts/_find
-
Retrieves a paginated set of alerts. (legacyFindAlerts)
-
Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert params are stored as a flattened field type and analyzed as keywords. As alerts change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - -

Query parameters

-
-
default_search_operator (optional)
- -
Query Parameter — The default operator to use for the simple_query_string. default: OR
fields (optional)
- -
Query Parameter — The fields to return in the attributes key of the response. default: null
filter (optional)
- -
Query Parameter — A KQL string that you filter with an attribute from your saved object. It should look like savedObjectType.attributes.title: "myTitle". However, if you used a direct attribute of a saved object, such as updatedAt, you must define your filter, for example, savedObjectType.updatedAt > 2018-12-22. default: null
has_reference (optional)
- -
Query Parameter — Filters the rules that have a relation with the reference objects with a specific type and identifier. default: null
page (optional)
- -
Query Parameter — The page number to return. default: 1
per_page (optional)
- -
Query Parameter — The number of alerts to return per page. default: 20
search (optional)
- -
Query Parameter — An Elasticsearch simple_query_string query that filters the alerts in the response. default: null
search_fields (optional)
- -
Query Parameter — The fields to perform the simple_query_string parsed query against. default: null
sort_field (optional)
- -
Query Parameter — Determines which field is used to sort the results. The field must exist in the attributes key of the response. default: null
sort_order (optional)
- -
Query Parameter — Determines the sort order. default: desc
-
- - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "total" : 1,
-  "perPage" : 6,
-  "data" : [ {
-    "alertTypeId" : ".index-threshold",
-    "throttle" : "throttle",
-    "updatedBy" : "elastic",
-    "executionStatus" : {
-      "lastExecutionDate" : "2022-12-06T00:13:43.89Z",
-      "status" : "ok"
-    },
-    "params" : {
-      "key" : ""
-    },
-    "enabled" : true,
-    "mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
-    "tags" : [ "tags", "tags" ],
-    "createdAt" : "2022-12-05T23:36:58.284Z",
-    "schedule" : {
-      "interval" : "interval"
-    },
-    "notifyWhen" : "onActionGroupChange",
-    "createdBy" : "elastic",
-    "muteAll" : false,
-    "name" : "my alert",
-    "scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "actions" : [ "{}", "{}" ],
-    "apiKeyOwner" : "elastic",
-    "updatedAt" : "2022-12-05T23:36:58.284Z"
-  }, {
-    "alertTypeId" : ".index-threshold",
-    "throttle" : "throttle",
-    "updatedBy" : "elastic",
-    "executionStatus" : {
-      "lastExecutionDate" : "2022-12-06T00:13:43.89Z",
-      "status" : "ok"
-    },
-    "params" : {
-      "key" : ""
-    },
-    "enabled" : true,
-    "mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
-    "tags" : [ "tags", "tags" ],
-    "createdAt" : "2022-12-05T23:36:58.284Z",
-    "schedule" : {
-      "interval" : "interval"
-    },
-    "notifyWhen" : "onActionGroupChange",
-    "createdBy" : "elastic",
-    "muteAll" : false,
-    "name" : "my alert",
-    "scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-    "actions" : [ "{}", "{}" ],
-    "apiKeyOwner" : "elastic",
-    "updatedAt" : "2022-12-05T23:36:58.284Z"
-  } ],
-  "page" : 0
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - legacyFindAlerts_200_response -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerts/alert/{alertId}
-
Retrieves an alert by its identifier. (legacyGetAlert)
-
Deprecated in 7.13.0. Use the get rule API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "alertTypeId" : ".index-threshold",
-  "throttle" : "throttle",
-  "updatedBy" : "elastic",
-  "executionStatus" : {
-    "lastExecutionDate" : "2022-12-06T00:13:43.89Z",
-    "status" : "ok"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "enabled" : true,
-  "mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
-  "tags" : [ "tags", "tags" ],
-  "createdAt" : "2022-12-05T23:36:58.284Z",
-  "schedule" : {
-    "interval" : "interval"
-  },
-  "notifyWhen" : "onActionGroupChange",
-  "createdBy" : "elastic",
-  "muteAll" : false,
-  "name" : "my alert",
-  "scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "actions" : [ "{}", "{}" ],
-  "apiKeyOwner" : "elastic",
-  "updatedAt" : "2022-12-05T23:36:58.284Z"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - alert_response_properties -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerts/alerts/list_alert_types
-
Retrieves a list of alert types. (legacyGetAlertTypes)
-
Deprecated in 7.13.0. Use the get rule types API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "defaultActionGroupId" : "defaultActionGroupId",
-  "isExportable" : true,
-  "actionVariables" : {
-    "context" : [ {
-      "name" : "name",
-      "description" : "description"
-    }, {
-      "name" : "name",
-      "description" : "description"
-    } ],
-    "state" : [ {
-      "name" : "name",
-      "description" : "description"
-    }, {
-      "name" : "name",
-      "description" : "description"
-    } ],
-    "params" : [ {
-      "name" : "name",
-      "description" : "description"
-    }, {
-      "name" : "name",
-      "description" : "description"
-    } ]
-  },
-  "actionGroups" : [ {
-    "name" : "name",
-    "id" : "id"
-  }, {
-    "name" : "name",
-    "id" : "id"
-  } ],
-  "name" : "name",
-  "producer" : "producer",
-  "authorizedConsumers" : "{}",
-  "recoveryActionGroup" : {
-    "name" : "name",
-    "id" : "id"
-  },
-  "enabledInLicense" : true,
-  "id" : "id",
-  "minimumLicenseRequired" : "minimumLicenseRequired"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
get /s/{spaceId}/api/alerts/alerts/_health
-
Retrieves the health status of the alerting framework. (legacyGetAlertingHealth)
-
Deprecated in 7.13.0. Use the get alerting framework health API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - - - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "hasPermanentEncryptionKey" : true,
-  "alertingFrameworkHealth" : {
-    "executionHealth" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    },
-    "decryptionHealth" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    },
-    "readHealth" : {
-      "status" : "ok",
-      "timestamp" : "2023-01-13T01:28:00.28Z"
-    }
-  },
-  "isSufficientlySecure" : true
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - legacyGetAlertingHealth_200_response -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute
-
Mutes an alert instance. (legacyMuteAlertInstance)
-
Deprecated in 7.13.0. Use the mute alert API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — An identifier for the alert. default: null
alertInstanceId (required)
- -
Path Parameter — An identifier for the alert instance. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/_mute_all
-
Mutes all alert instances. (legacyMuteAllAlertInstances)
-
Deprecated in 7.13.0. Use the mute all alerts API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute
-
Unmutes an alert instance. (legacyUnmuteAlertInstance)
-
Deprecated in 7.13.0. Use the unmute alert API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — An identifier for the alert. default: null
alertInstanceId (required)
- -
Path Parameter — An identifier for the alert instance. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerts/alert/{alertId}/_unmute_all
-
Unmutes all alert instances. (legacyUnmuteAllAlertInstances)
-
Deprecated in 7.13.0. Use the unmute all alerts API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
put /s/{spaceId}/api/alerts/alert/{alertId}
-
Updates the attributes for an alert. (legacyUpdateAlert)
-
Deprecated in 7.13.0. Use the update rule API instead.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
Legacy_update_alert_request_properties Legacy_update_alert_request_properties (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "alertTypeId" : ".index-threshold",
-  "throttle" : "throttle",
-  "updatedBy" : "elastic",
-  "executionStatus" : {
-    "lastExecutionDate" : "2022-12-06T00:13:43.89Z",
-    "status" : "ok"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "enabled" : true,
-  "mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
-  "tags" : [ "tags", "tags" ],
-  "createdAt" : "2022-12-05T23:36:58.284Z",
-  "schedule" : {
-    "interval" : "interval"
-  },
-  "notifyWhen" : "onActionGroupChange",
-  "createdBy" : "elastic",
-  "muteAll" : false,
-  "name" : "my alert",
-  "scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "actions" : [ "{}", "{}" ],
-  "apiKeyOwner" : "elastic",
-  "updatedAt" : "2022-12-05T23:36:58.284Z"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - alert_response_properties -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
delete /s/{spaceId}/api/alerts/alert/{alertId}
-
Permanently removes an alert. (legaryDeleteAlert)
-
Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After you delete an alert, you cannot recover it.
- -

Path parameters

-
-
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
alertId (required)
- -
Path Parameter — The identifier for the alert. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/alert/{alertId}/_mute
-
Mutes an alert. (muteAlert)
-
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature.
- -

Path parameters

-
-
alertId (required)
- -
Path Parameter — An identifier for the alert. The identifier is generated by the rule and might be any arbitrary string. default: null
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/_mute_all
-
Mutes all alerts. (muteAllAlerts)
-
This API snoozes the notifications for the rule indefinitely. The rule checks continue to occur but alerts will not trigger any actions. You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/alert/{alertId}/_unmute
-
Unmutes an alert. (unmuteAlert)
-
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature.
- -

Path parameters

-
-
alertId (required)
- -
Path Parameter — An identifier for the alert. The identifier is generated by the rule and might be any arbitrary string. default: null
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
post /s/{spaceId}/api/alerting/rule/{ruleId}/_unmute_all
-
Unmutes all alerts. (unmuteAllAlerts)
-
If the rule has its notifications snoozed indefinitely, this API cancels the snooze. You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, and Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- - - -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - - - - - -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

204

- Indicates a successful call. - -

401

- Authorization information is missing or invalid. - 401_response -
-
-
-
- Up -
put /s/{spaceId}/api/alerting/rule/{ruleId}
-
Updates the attributes for a rule. (updateRule)
-
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule you're updating. For example, you must have privileges for the Management > Stack rules feature, Analytics > Discover and Machine Learning features, Observability features, or Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature. NOTE: This API supports only token-based authentication. When you update a rule, it identifies which roles you have at that point in time. Thereafter, when the rule performs queries, it uses those security privileges. If you have different privileges than the user that created or most recently updated the rule, you might change its behavior. Though some properties are optional, when you update the rule the existing property values are overwritten with default values. Therefore, it is recommended to explicitly set all property values.
- -

Path parameters

-
-
ruleId (required)
- -
Path Parameter — An identifier for the rule. default: null
spaceId (required)
- -
Path Parameter — An identifier for the space. If /s/ and the identifier are omitted from the path, the default space is used. default: null
-
- -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    -
  • application/json
  • -
- -

Request body

-
-
update_rule_request update_rule_request (required)
- -
Body Parameter
- -
- -

Request headers

-
-
kbn-xsrf (required)
- -
Header Parameter — Cross-site request forgery protection default: null
- -
- - - -

Return type

- - - - -

Example data

-
Content-Type: application/json
-
{
-  "throttle" : "10m",
-  "created_at" : "2022-12-05T23:36:58.284Z",
-  "last_run" : {
-    "alerts_count" : {
-      "ignored" : 6,
-      "new" : 1,
-      "recovered" : 5,
-      "active" : 0
-    },
-    "outcome_msg" : "outcome_msg",
-    "warning" : "warning",
-    "outcome" : "succeeded"
-  },
-  "params" : {
-    "key" : ""
-  },
-  "created_by" : "elastic",
-  "enabled" : true,
-  "muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
-  "rule_type_id" : "monitoring_alert_cluster_health",
-  "tags" : [ "tags", "tags" ],
-  "api_key_owner" : "elastic",
-  "schedule" : {
-    "interval" : "1m"
-  },
-  "notify_when" : "onActiveAlert",
-  "next_run" : "2022-12-06T00:14:43.818Z",
-  "updated_at" : "2022-12-05T23:36:58.284Z",
-  "execution_status" : {
-    "last_execution_date" : "2022-12-06T00:13:43.89Z",
-    "last_duration" : 55,
-    "status" : "ok"
-  },
-  "name" : "cluster_health_rule",
-  "updated_by" : "elastic",
-  "scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "id" : "b530fed0-74f5-11ed-9801-35303b735aef",
-  "mute_all" : false,
-  "actions" : [ {
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "group" : "default"
-  }, {
-    "id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
-    "params" : {
-      "key" : ""
-    },
-    "group" : "default"
-  } ],
-  "consumer" : "alerts"
-}
- -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    -
  • application/json
  • -
- -

Responses

-

200

- Indicates a successful call. - rule_response_properties -

401

- Authorization information is missing or invalid. - 401_response -

404

- Object is not found. - 404_response -
-
- -

Models

- [ Jump to Methods ] - -

Table of Contents

-
    -
  1. 401_response - Unsuccessful rule API response
  2. -
  3. 404_response -
  4. -
  5. Legacy_create_alert_request_properties - Legacy create alert request properties
  6. -
  7. Legacy_create_alert_request_properties_schedule -
  8. -
  9. Legacy_update_alert_request_properties - Legacy update alert request properties
  10. -
  11. Legacy_update_alert_request_properties_actions_inner -
  12. -
  13. Legacy_update_alert_request_properties_schedule -
  14. -
  15. actions_inner -
  16. -
  17. alert_response_properties - Legacy alert response properties
  18. -
  19. alert_response_properties_executionStatus -
  20. -
  21. alert_response_properties_schedule -
  22. -
  23. create_rule_request - Create rule request
  24. -
  25. findRules_200_response -
  26. -
  27. findRules_has_reference_parameter -
  28. -
  29. findRules_search_fields_parameter -
  30. -
  31. getAlertingHealth_200_response -
  32. -
  33. getAlertingHealth_200_response_alerting_framework_health -
  34. -
  35. getAlertingHealth_200_response_alerting_framework_health_decryption_health -
  36. -
  37. getAlertingHealth_200_response_alerting_framework_health_execution_health -
  38. -
  39. getAlertingHealth_200_response_alerting_framework_health_read_health -
  40. -
  41. getAlertingHealth_200_response_alerting_framework_heath -
  42. -
  43. getAlertingHealth_200_response_alerting_framework_heath_decryption_health -
  44. -
  45. getRuleTypes_200_response_inner -
  46. -
  47. getRuleTypes_200_response_inner_action_groups_inner -
  48. -
  49. getRuleTypes_200_response_inner_action_variables -
  50. -
  51. getRuleTypes_200_response_inner_action_variables_context_inner -
  52. -
  53. getRuleTypes_200_response_inner_action_variables_params_inner -
  54. -
  55. getRuleTypes_200_response_inner_authorized_consumers -
  56. -
  57. getRuleTypes_200_response_inner_authorized_consumers_alerts -
  58. -
  59. getRuleTypes_200_response_inner_recovery_action_group -
  60. -
  61. legacyFindAlerts_200_response -
  62. -
  63. legacyGetAlertTypes_200_response_inner -
  64. -
  65. legacyGetAlertTypes_200_response_inner_actionVariables -
  66. -
  67. legacyGetAlertTypes_200_response_inner_actionVariables_context_inner -
  68. -
  69. legacyGetAlertTypes_200_response_inner_recoveryActionGroup -
  70. -
  71. legacyGetAlertingHealth_200_response -
  72. -
  73. legacyGetAlertingHealth_200_response_alertingFrameworkHealth -
  74. -
  75. legacyGetAlertingHealth_200_response_alertingFrameworkHealth_decryptionHealth -
  76. -
  77. legacyGetAlertingHealth_200_response_alertingFrameworkHealth_executionHealth -
  78. -
  79. legacyGetAlertingHealth_200_response_alertingFrameworkHealth_readHealth -
  80. -
  81. notify_when -
  82. -
  83. rule_response_properties - Rule response properties
  84. -
  85. rule_response_properties_execution_status -
  86. -
  87. rule_response_properties_last_run -
  88. -
  89. rule_response_properties_last_run_alerts_count -
  90. -
  91. schedule -
  92. -
  93. update_rule_request - Update rule request
  94. -
- -
-

401_response - Unsuccessful rule API response Up

-
-
-
error (optional)
-
Enum:
-
Unauthorized
-
message (optional)
-
statusCode (optional)
-
Enum:
-
401
-
-
-
-

404_response - Up

-
-
-
error (optional)
-
Enum:
-
Not Found
-
message (optional)
-
statusCode (optional)
-
Enum:
-
404
-
-
-
-

Legacy_create_alert_request_properties - Legacy create alert request properties Up

-
-
-
actions (optional)
-
alertTypeId
String The ID of the alert type that you want to call when the alert is scheduled to run.
-
consumer
String The name of the application that owns the alert. This name has to match the Kibana feature name, as that dictates the required role-based access control privileges.
-
enabled (optional)
Boolean Indicates if you want to run the alert on an interval basis after it is created.
-
name
String A name to reference and search.
-
notifyWhen
String The condition for throttling the notification.
-
Enum:
-
onActionGroupChange
onActiveAlert
onThrottleInterval
-
params
Object The parameters to pass to the alert type executor params value. This will also validate against the alert type params validator, if defined.
-
schedule
-
tags (optional)
array[String] A list of keywords to reference and search.
-
throttle (optional)
String How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m or 1h will prevent it from sending 90 notifications during this period.
-
-
-
-

Legacy_create_alert_request_properties_schedule - Up

-
The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.
-
-
interval (optional)
String The interval format specifies the interval in seconds, minutes, hours or days at which the alert should execute.
-
-
-
-

Legacy_update_alert_request_properties - Legacy update alert request properties Up

-
-
-
actions (optional)
-
name
String A name to reference and search.
-
notifyWhen
String The condition for throttling the notification.
-
Enum:
-
onActionGroupChange
onActiveAlert
onThrottleInterval
-
params
Object The parameters to pass to the alert type executor params value. This will also validate against the alert type params validator, if defined.
-
schedule
-
tags (optional)
array[String] A list of keywords to reference and search.
-
throttle (optional)
String How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m or 1h will prevent it from sending 90 notifications during this period.
-
-
-
-

Legacy_update_alert_request_properties_actions_inner - Up

-
-
-
actionTypeId
String The identifier for the action type.
-
group
String Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to default.
-
id
String The ID of the action saved object to execute.
-
params
Object The map to the params that the action type will receive. params are handled as Mustache templates and passed a default set of context.
-
-
-
-

Legacy_update_alert_request_properties_schedule - Up

-
The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.
-
-
interval (optional)
String The interval format specifies the interval in seconds, minutes, hours or days at which the alert should execute.
-
-
-
-

actions_inner - Up

-
-
-
group (optional)
String The group name for the actions. If you don't need to group actions, set to default.
-
id (optional)
String The identifier for the connector saved object.
-
params (optional)
map[String, oas_any_type_not_mapped] The parameters for the action, which are sent to the connector. The params are handled as Mustache templates and passed a default set of context.
-
-
-
-

alert_response_properties - Legacy alert response properties Up

-
-
-
actions (optional)
-
alertTypeId (optional)
-
apiKeyOwner (optional)
-
createdAt (optional)
Date The date and time that the alert was created. format: date-time
-
createdBy (optional)
String The identifier for the user that created the alert.
-
enabled (optional)
Boolean Indicates whether the alert is currently enabled.
-
executionStatus (optional)
-
id (optional)
String The identifier for the alert.
-
muteAll (optional)
-
mutedInstanceIds (optional)
-
name (optional)
String The name of the alert.
-
notifyWhen (optional)
-
params (optional)
-
schedule (optional)
-
scheduledTaskId (optional)
-
tags (optional)
-
throttle (optional)
-
updatedAt (optional)
-
updatedBy (optional)
String The identifier for the user that updated this alert most recently.
-
-
-
-

alert_response_properties_executionStatus - Up

-
-
-
lastExecutionDate (optional)
Date format: date-time
-
status (optional)
-
-
-
-

alert_response_properties_schedule - Up

-
-
-
interval (optional)
-
-
-
-

create_rule_request - Create rule request Up

-
The create rule API request body varies depending on the type of rule and actions.
-
-
actions (optional)
-
consumer
String The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
enabled (optional)
Boolean Indicates whether you want to run the rule on an interval basis after it is created.
-
name
String The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
-
notify_when
-
params
map[String, oas_any_type_not_mapped] The parameters for the rule.
-
rule_type_id
String The ID of the rule type that you want to call when the rule is scheduled to run. For example, .es-query, .index-threshold, logs.alert.document.count, monitoring_alert_cluster_health, siem.thresholdRule, or xpack.ml.anomaly_detection_alert.
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if notify_when is set to onThrottleInterval. It is specified in seconds, minutes, hours, or days.
-
-
-
-

findRules_200_response - Up

-
-
-
data (optional)
-
page (optional)
-
per_page (optional)
-
total (optional)
-
-
-
-

findRules_has_reference_parameter - Up

-
-
-
id (optional)
-
type (optional)
-
-
- -
-

getAlertingHealth_200_response - Up

-
-
-
alerting_framework_heath (optional)
-
alerting_framework_health (optional)
-
has_permanent_encryption_key (optional)
Boolean If false, the encrypted saved object plugin does not have a permanent encryption key.
-
is_sufficiently_secure (optional)
Boolean If false, security is enabled but TLS is not.
-
-
-
-

getAlertingHealth_200_response_alerting_framework_health - Up

-
Three substates identify the health of the alerting framework: decryption_health, execution_health, and read_health.
- -
-
-

getAlertingHealth_200_response_alerting_framework_health_decryption_health - Up

-
The timestamp and status of the rule decryption.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

getAlertingHealth_200_response_alerting_framework_health_execution_health - Up

-
The timestamp and status of the rule run.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

getAlertingHealth_200_response_alerting_framework_health_read_health - Up

-
The timestamp and status of the rule reading events.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
- -
-

getAlertingHealth_200_response_alerting_framework_heath_decryption_health - Up

-
-
-
status (optional)
-
timestamp (optional)
Date format: date-time
-
-
-
-

getRuleTypes_200_response_inner - Up

-
-
-
action_groups (optional)
array[getRuleTypes_200_response_inner_action_groups_inner] An explicit list of groups for which the rule type can schedule actions, each with the action group's unique ID and human readable name. Rule actions validation uses this configuration to ensure that groups are valid.
-
action_variables (optional)
-
authorized_consumers (optional)
-
default_action_group_id (optional)
String The default identifier for the rule type group.
-
does_set_recovery_context (optional)
Boolean Indicates whether the rule passes context variables to its recovery action.
-
enabled_in_license (optional)
Boolean Indicates whether the rule type is enabled or disabled based on the subscription.
-
id (optional)
String The unique identifier for the rule type.
-
is_exportable (optional)
Boolean Indicates whether the rule type is exportable in Stack Management > Saved Objects.
-
minimum_license_required (optional)
String The subscriptions required to use the rule type.
-
name (optional)
String The descriptive name of the rule type.
-
producer (optional)
String An identifier for the application that produces this rule type.
-
recovery_action_group (optional)
-
rule_task_timeout (optional)
-
-
- -
-

getRuleTypes_200_response_inner_action_variables - Up

-
A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors.
- -
-
-

getRuleTypes_200_response_inner_action_variables_context_inner - Up

-
-
-
name (optional)
-
description (optional)
-
useWithTripleBracesInTemplates (optional)
-
-
-
-

getRuleTypes_200_response_inner_action_variables_params_inner - Up

-
-
-
description (optional)
-
name (optional)
-
-
- - -
-

getRuleTypes_200_response_inner_recovery_action_group - Up

-
An action group to use when an alert goes from an active state to an inactive one.
-
-
id (optional)
-
name (optional)
-
-
-
-

legacyFindAlerts_200_response - Up

-
-
-
data (optional)
-
page (optional)
-
perPage (optional)
-
total (optional)
-
-
-
-

legacyGetAlertTypes_200_response_inner - Up

-
-
-
actionGroups (optional)
array[getRuleTypes_200_response_inner_action_groups_inner] An explicit list of groups for which the alert type can schedule actions, each with the action group's unique ID and human readable name. Alert actions validation uses this configuration to ensure that groups are valid.
-
actionVariables (optional)
-
authorizedConsumers (optional)
Object The list of the plugins IDs that have access to the alert type.
-
defaultActionGroupId (optional)
String The default identifier for the alert type group.
-
enabledInLicense (optional)
Boolean Indicates whether the rule type is enabled based on the subscription.
-
id (optional)
String The unique identifier for the alert type.
-
isExportable (optional)
Boolean Indicates whether the alert type is exportable in Saved Objects Management UI.
-
minimumLicenseRequired (optional)
String The subscriptions required to use the alert type.
-
name (optional)
String The descriptive name of the alert type.
-
producer (optional)
String An identifier for the application that produces this alert type.
-
recoveryActionGroup (optional)
-
-
-
-

legacyGetAlertTypes_200_response_inner_actionVariables - Up

-
A list of action variables that the alert type makes available via context and state in action parameter templates, and a short human readable description. The Alert UI will use this information to prompt users for these variables in action parameter editors.
- -
- -
-

legacyGetAlertTypes_200_response_inner_recoveryActionGroup - Up

-
An action group to use when an alert instance goes from an active state to an inactive one. If it is not specified, the default recovered action group is used.
-
-
id (optional)
-
name (optional)
-
-
-
-

legacyGetAlertingHealth_200_response - Up

-
-
-
alertingFrameworkHealth (optional)
-
hasPermanentEncryptionKey (optional)
Boolean If false, the encrypted saved object plugin does not have a permanent encryption key.
-
isSufficientlySecure (optional)
Boolean If false, security is enabled but TLS is not.
-
-
-
-

legacyGetAlertingHealth_200_response_alertingFrameworkHealth - Up

-
Three substates identify the health of the alerting framework: decryptionHealth, executionHealth, and readHealth.
- -
-
-

legacyGetAlertingHealth_200_response_alertingFrameworkHealth_decryptionHealth - Up

-
The timestamp and status of the alert decryption.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

legacyGetAlertingHealth_200_response_alertingFrameworkHealth_executionHealth - Up

-
The timestamp and status of the alert execution.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

legacyGetAlertingHealth_200_response_alertingFrameworkHealth_readHealth - Up

-
The timestamp and status of the alert reading events.
-
-
status (optional)
-
Enum:
-
error
ok
warn
-
timestamp (optional)
Date format: date-time
-
-
-
-

notify_when - Up

-
Indicates how often alerts generate actions. Valid values include: onActionGroupChange: Actions run when the alert status changes; onActiveAlert: Actions run when the alert becomes active and at each check interval while the rule conditions are met; onThrottleInterval: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met.
-
-
-
-
-

rule_response_properties - Rule response properties Up

-
-
-
actions
-
api_key_owner
-
consumer
String The application or feature that owns the rule. For example, alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime.
-
created_at
Date The date and time that the rule was created. format: date-time
-
created_by
String The identifier for the user that created the rule.
-
enabled
Boolean Indicates whether the rule is currently enabled.
-
execution_status
-
id
String The identifier for the rule.
-
last_run (optional)
-
muted_alert_ids
-
mute_all
-
name
String The name of the rule.
-
next_run (optional)
Date format: date-time
-
notify_when
-
params
map[String, oas_any_type_not_mapped] The parameters for the rule.
-
rule_type_id
String The identifier for the type of rule. For example, .es-query, .index-threshold, logs.alert.document.count, monitoring_alert_cluster_health, siem.thresholdRule, or xpack.ml.anomaly_detection_alert.
-
schedule
-
scheduled_task_id (optional)
-
tags
array[String] The tags for the rule.
-
throttle
String The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if notify_when is set to onThrottleInterval. It is specified in seconds, minutes, hours, or days.
-
updated_at
String The date and time that the rule was updated most recently.
-
updated_by
String The identifier for the user that updated this rule most recently.
-
-
-
-

rule_response_properties_execution_status - Up

-
-
-
last_duration (optional)
-
last_execution_date (optional)
Date format: date-time
-
status (optional)
-
-
-
-

rule_response_properties_last_run - Up

-
-
-
alerts_count (optional)
-
outcome (optional)
-
outcome_msg (optional)
-
warning (optional)
-
-
-
-

rule_response_properties_last_run_alerts_count - Up

-
-
-
active (optional)
-
ignored (optional)
-
new (optional)
-
recovered (optional)
-
-
-
-

schedule - Up

-
The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.
-
-
interval (optional)
-
-
-
-

update_rule_request - Update rule request Up

-
The update rule API request body varies depending on the type of rule and actions.
-
-
actions (optional)
-
name
String The name of the rule.
-
notify_when
-
params
map[String, oas_any_type_not_mapped] The parameters for the rule.
-
schedule
-
tags (optional)
array[String] The tags for the rule.
-
throttle (optional)
String The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if notify_when is set to onThrottleInterval. It is specified in seconds, minutes, hours, or days.
-
-
-
-++++ diff --git a/docs/api-generated/rules/rule-apis.asciidoc b/docs/api-generated/rules/rule-apis.asciidoc deleted file mode 100644 index fb963582fb6da..0000000000000 --- a/docs/api-generated/rules/rule-apis.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[[rule-apis]] -== Alert and rule APIs - -preview::[] - -//// -This file includes content that has been generated from https://github.com/elastic/kibana/tree/main/x-pack/plugins/alerting/docs/openapi. Any modifications required must be done in that open API specification. -//// - -include::rule-apis-passthru.asciidoc[] \ No newline at end of file diff --git a/docs/api-generated/template/index.mustache b/docs/api-generated/template/index.mustache deleted file mode 100644 index 8c1162f909508..0000000000000 --- a/docs/api-generated/template/index.mustache +++ /dev/null @@ -1,170 +0,0 @@ -//// -This content is generated from the open API specification. -Any modifications made to this file will be overwritten. -//// - -++++ -
-

Access

- {{#hasAuthMethods}} -
    - {{#authMethods}} -
  1. {{#isBasic}}HTTP Basic Authentication{{/isBasic}}{{#isOAuth}}OAuth AuthorizationUrl:{{authorizationUrl}}TokenUrl:{{tokenUrl}}{{/isOAuth}}{{#isApiKey}}APIKey KeyParamName:{{keyParamName}} KeyInQuery:{{isKeyInQuery}} KeyInHeader:{{isKeyInHeader}}{{/isApiKey}}
  2. - {{/authMethods}} -
- {{/hasAuthMethods}} - -

Methods

- [ Jump to Models ] - - {{! for the tables of content, I cheat and don't use CSS styles.... }} -

Table of Contents

-
{{access}}
- {{#apiInfo}} - {{#apis}} - {{#operations}} -

{{baseName}}

- - {{/operations}} - {{/apis}} - {{/apiInfo}} - - {{#apiInfo}} - {{#apis}} - {{#operations}} -

{{baseName}}

- {{#operation}} -
-
- Up -
{{httpMethod}} {{path}}
-
{{summary}} ({{nickname}})
- {{! notes is operation.description. So why rename it and make it super confusing???? }} -
{{notes}}
- - {{#hasPathParams}} -

Path parameters

-
- {{#pathParams}}{{>pathParam}}{{/pathParams}} -
- {{/hasPathParams}} - - {{#hasConsumes}} -

Consumes

- This API call consumes the following media types via the Content-Type request header: -
    - {{#consumes}} -
  • {{{mediaType}}}
  • - {{/consumes}} -
- {{/hasConsumes}} - - {{#hasBodyParam}} -

Request body

-
- {{#bodyParams}}{{>bodyParam}}{{/bodyParams}} -
- {{/hasBodyParam}} - - {{#hasHeaderParams}} -

Request headers

-
- {{#headerParams}}{{>headerParam}}{{/headerParams}} -
- {{/hasHeaderParams}} - - {{#hasQueryParams}} -

Query parameters

-
- {{#queryParams}}{{>queryParam}}{{/queryParams}} -
- {{/hasQueryParams}} - - {{#hasFormParams}} -

Form parameters

-
- {{#formParams}}{{>formParam}}{{/formParams}} -
- {{/hasFormParams}} - - {{#returnType}} -

Return type

-
- {{#hasReference}}{{^returnSimpleType}}{{returnContainer}}[{{/returnSimpleType}}{{returnBaseType}}{{^returnSimpleType}}]{{/returnSimpleType}}{{/hasReference}} - {{^hasReference}}{{returnType}}{{/hasReference}} -
- {{/returnType}} - - - - {{#hasExamples}} - {{#examples}} -

Example data

-
Content-Type: {{{contentType}}}
-
{{{example}}}
- {{/examples}} - {{/hasExamples}} - - {{#hasProduces}} -

Produces

- This API call produces the following media types according to the Accept request header; - the media type will be conveyed by the Content-Type response header. -
    - {{#produces}} -
  • {{{mediaType}}}
  • - {{/produces}} -
- {{/hasProduces}} - -

Responses

- {{#responses}} -

{{code}}

- {{message}} - {{^containerType}}{{dataType}}{{/containerType}} - {{#examples}} -

Example data

-
Content-Type: {{{contentType}}}
-
{{example}}
- {{/examples}} - {{/responses}} -
-
- {{/operation}} - {{/operations}} - {{/apis}} - {{/apiInfo}} - -

Models

- [ Jump to Methods ] - -

Table of Contents

-
    - {{#models}} - {{#model}} -
  1. {{name}}{{#title}} - {{.}}{{/title}}
  2. - {{/model}} - {{/models}} -
- - {{#models}} - {{#model}} -
-

{{name}}{{#title}} - {{.}}{{/title}} Up

- {{#unescapedDescription}}
{{.}}
{{/unescapedDescription}} -
- {{#vars}}
{{name}} {{^required}}(optional){{/required}}
{{^isPrimitiveType}}{{dataType}}{{/isPrimitiveType}} {{unescapedDescription}} {{#dataFormat}}format: {{{.}}}{{/dataFormat}}
- {{#isEnum}} -
Enum:
- {{#_enum}}
{{this}}
{{/_enum}} - {{/isEnum}} - {{/vars}} -
-
- {{/model}} - {{/models}} -
-++++ diff --git a/docs/api/actions-and-connectors/create.asciidoc b/docs/api/actions-and-connectors/create.asciidoc index 259c5dfee00af..55168ecf796ca 100644 --- a/docs/api/actions-and-connectors/create.asciidoc +++ b/docs/api/actions-and-connectors/create.asciidoc @@ -9,7 +9,7 @@ Creates a connector. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [[create-connector-api-request]] diff --git a/docs/api/actions-and-connectors/delete.asciidoc b/docs/api/actions-and-connectors/delete.asciidoc index d908f276b7461..81619cdf26b5c 100644 --- a/docs/api/actions-and-connectors/delete.asciidoc +++ b/docs/api/actions-and-connectors/delete.asciidoc @@ -11,7 +11,7 @@ WARNING: When you delete a connector, _it cannot be recovered_. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [discrete] diff --git a/docs/api/actions-and-connectors/execute.asciidoc b/docs/api/actions-and-connectors/execute.asciidoc index 6d94c61f6232b..1f241202b4adc 100644 --- a/docs/api/actions-and-connectors/execute.asciidoc +++ b/docs/api/actions-and-connectors/execute.asciidoc @@ -9,7 +9,7 @@ Runs a connector by ID. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [[execute-connector-api-request]] diff --git a/docs/api/actions-and-connectors/get.asciidoc b/docs/api/actions-and-connectors/get.asciidoc index a43787dc2a33e..92414babd1638 100644 --- a/docs/api/actions-and-connectors/get.asciidoc +++ b/docs/api/actions-and-connectors/get.asciidoc @@ -9,7 +9,7 @@ Retrieves a connector by ID. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [discrete] diff --git a/docs/api/actions-and-connectors/get_all.asciidoc b/docs/api/actions-and-connectors/get_all.asciidoc index 2b5fbe20bf56e..ba2cab86b654f 100644 --- a/docs/api/actions-and-connectors/get_all.asciidoc +++ b/docs/api/actions-and-connectors/get_all.asciidoc @@ -9,7 +9,7 @@ Retrieves all connectors. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [discrete] diff --git a/docs/api/actions-and-connectors/list.asciidoc b/docs/api/actions-and-connectors/list.asciidoc index d7658cdd11da4..e978f75d36c1f 100644 --- a/docs/api/actions-and-connectors/list.asciidoc +++ b/docs/api/actions-and-connectors/list.asciidoc @@ -9,7 +9,7 @@ Retrieves a list of all connector types. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [[list-connector-types-api-request]] diff --git a/docs/api/actions-and-connectors/update.asciidoc b/docs/api/actions-and-connectors/update.asciidoc index b690d3fac995b..7fe3d85ad0ca7 100644 --- a/docs/api/actions-and-connectors/update.asciidoc +++ b/docs/api/actions-and-connectors/update.asciidoc @@ -9,7 +9,7 @@ Updates the attributes for a connector. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[open API specification]. ==== [[update-connector-api-request]] diff --git a/docs/api/alerting/create_rule.asciidoc b/docs/api/alerting/create_rule.asciidoc index 590c33e895ea7..23ae551a92e33 100644 --- a/docs/api/alerting/create_rule.asciidoc +++ b/docs/api/alerting/create_rule.asciidoc @@ -9,7 +9,7 @@ Create {kib} rules. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[create-rule-api-request]] diff --git a/docs/api/alerting/delete_rule.asciidoc b/docs/api/alerting/delete_rule.asciidoc index 143507fa20600..220b4dfa9ece4 100644 --- a/docs/api/alerting/delete_rule.asciidoc +++ b/docs/api/alerting/delete_rule.asciidoc @@ -11,7 +11,7 @@ WARNING: After you delete a rule, you cannot recover it. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[delete-rule-api-request]] diff --git a/docs/api/alerting/disable_rule.asciidoc b/docs/api/alerting/disable_rule.asciidoc index d1c41eed9eaf1..8f370072a689c 100644 --- a/docs/api/alerting/disable_rule.asciidoc +++ b/docs/api/alerting/disable_rule.asciidoc @@ -9,7 +9,7 @@ Disable a rule. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[disable-rule-api-request]] diff --git a/docs/api/alerting/enable_rule.asciidoc b/docs/api/alerting/enable_rule.asciidoc index b87c0b9228b1b..f51f6c9295332 100644 --- a/docs/api/alerting/enable_rule.asciidoc +++ b/docs/api/alerting/enable_rule.asciidoc @@ -11,7 +11,7 @@ WARNING: This API supports <> only. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[enable-rule-api-request]] diff --git a/docs/api/alerting/find_rules.asciidoc b/docs/api/alerting/find_rules.asciidoc index 0879cc77770aa..a9a9ee225db7e 100644 --- a/docs/api/alerting/find_rules.asciidoc +++ b/docs/api/alerting/find_rules.asciidoc @@ -9,7 +9,7 @@ Retrieve a paginated set of rules based on condition. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[find-rules-api-request]] diff --git a/docs/api/alerting/get_rules.asciidoc b/docs/api/alerting/get_rules.asciidoc index fd291617e08d3..fe0c9806d6d65 100644 --- a/docs/api/alerting/get_rules.asciidoc +++ b/docs/api/alerting/get_rules.asciidoc @@ -9,7 +9,7 @@ Retrieve a rule by ID. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[get-rule-api-request]] diff --git a/docs/api/alerting/health.asciidoc b/docs/api/alerting/health.asciidoc index ce22ece799b76..0c1903663b7a9 100644 --- a/docs/api/alerting/health.asciidoc +++ b/docs/api/alerting/health.asciidoc @@ -9,7 +9,7 @@ Retrieve the health status of the alerting framework. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[get-alerting-framework-health-api-request]] diff --git a/docs/api/alerting/list_rule_types.asciidoc b/docs/api/alerting/list_rule_types.asciidoc index 32b4be086705a..7640d50b3ccd0 100644 --- a/docs/api/alerting/list_rule_types.asciidoc +++ b/docs/api/alerting/list_rule_types.asciidoc @@ -9,7 +9,7 @@ Retrieve a list of rule types that the user is authorized to access. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== diff --git a/docs/api/alerting/mute_alert.asciidoc b/docs/api/alerting/mute_alert.asciidoc index 3ac99f0d3dda0..ad6d87848dfee 100644 --- a/docs/api/alerting/mute_alert.asciidoc +++ b/docs/api/alerting/mute_alert.asciidoc @@ -9,7 +9,7 @@ Mute an alert. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[mute-alert-api-request]] diff --git a/docs/api/alerting/mute_all_alerts.asciidoc b/docs/api/alerting/mute_all_alerts.asciidoc index a3c1fc0084245..b33d337d473ca 100644 --- a/docs/api/alerting/mute_all_alerts.asciidoc +++ b/docs/api/alerting/mute_all_alerts.asciidoc @@ -9,7 +9,7 @@ Mute all alerts. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[mute-all-alerts-api-request]] diff --git a/docs/api/alerting/unmute_alert.asciidoc b/docs/api/alerting/unmute_alert.asciidoc index 8efa95a16edd7..81bb641b259f9 100644 --- a/docs/api/alerting/unmute_alert.asciidoc +++ b/docs/api/alerting/unmute_alert.asciidoc @@ -9,7 +9,7 @@ Unmute an alert. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[unmute-alert-api-request]] diff --git a/docs/api/alerting/unmute_all_alerts.asciidoc b/docs/api/alerting/unmute_all_alerts.asciidoc index a4e2a91847397..0594727c71268 100644 --- a/docs/api/alerting/unmute_all_alerts.asciidoc +++ b/docs/api/alerting/unmute_all_alerts.asciidoc @@ -9,7 +9,7 @@ Unmute all alerts. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[unmute-all-alerts-api-all-request]] diff --git a/docs/api/alerting/update_rule.asciidoc b/docs/api/alerting/update_rule.asciidoc index 0db4c2cf38195..8108229cb88cc 100644 --- a/docs/api/alerting/update_rule.asciidoc +++ b/docs/api/alerting/update_rule.asciidoc @@ -9,7 +9,7 @@ Update the attributes for an existing rule. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. ==== [[update-rule-api-request]] diff --git a/docs/api/cases/cases-api-add-comment.asciidoc b/docs/api/cases/cases-api-add-comment.asciidoc index 48c3ffb5845b8..28b8959d5a017 100644 --- a/docs/api/cases/cases-api-add-comment.asciidoc +++ b/docs/api/cases/cases-api-add-comment.asciidoc @@ -9,7 +9,7 @@ Adds a comment or alert to a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-create.asciidoc b/docs/api/cases/cases-api-create.asciidoc index f124d3500228c..2145acd360532 100644 --- a/docs/api/cases/cases-api-create.asciidoc +++ b/docs/api/cases/cases-api-create.asciidoc @@ -9,7 +9,7 @@ Creates a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-delete-cases.asciidoc b/docs/api/cases/cases-api-delete-cases.asciidoc index 013dc9567db2e..abf518d212095 100644 --- a/docs/api/cases/cases-api-delete-cases.asciidoc +++ b/docs/api/cases/cases-api-delete-cases.asciidoc @@ -9,7 +9,7 @@ Deletes one or more cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-delete-comments.asciidoc b/docs/api/cases/cases-api-delete-comments.asciidoc index 130158bd021c2..dc8fe0e120574 100644 --- a/docs/api/cases/cases-api-delete-comments.asciidoc +++ b/docs/api/cases/cases-api-delete-comments.asciidoc @@ -9,7 +9,7 @@ Deletes one or all comments and alerts from a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-find-cases.asciidoc b/docs/api/cases/cases-api-find-cases.asciidoc index 4f80086e8f8c4..f042bcfa605e3 100644 --- a/docs/api/cases/cases-api-find-cases.asciidoc +++ b/docs/api/cases/cases-api-find-cases.asciidoc @@ -9,7 +9,7 @@ Retrieves a paginated subset of cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-find-connectors.asciidoc b/docs/api/cases/cases-api-find-connectors.asciidoc index 6968bc55d88bb..974e3e9a2211b 100644 --- a/docs/api/cases/cases-api-find-connectors.asciidoc +++ b/docs/api/cases/cases-api-find-connectors.asciidoc @@ -13,7 +13,7 @@ returned. Refer to the list of supported external incident management systems in [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-alerts.asciidoc b/docs/api/cases/cases-api-get-alerts.asciidoc index 1b9c1da1bd926..fea5b5f9a7354 100644 --- a/docs/api/cases/cases-api-get-alerts.asciidoc +++ b/docs/api/cases/cases-api-get-alerts.asciidoc @@ -11,7 +11,7 @@ Gets all alerts attached to a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-case-activity.asciidoc b/docs/api/cases/cases-api-get-case-activity.asciidoc index da23e845164db..fd512941f08e3 100644 --- a/docs/api/cases/cases-api-get-case-activity.asciidoc +++ b/docs/api/cases/cases-api-get-case-activity.asciidoc @@ -11,7 +11,7 @@ deprecated::[8.1.0] [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-case.asciidoc b/docs/api/cases/cases-api-get-case.asciidoc index b5942f0424408..fe2b4c54b85e5 100644 --- a/docs/api/cases/cases-api-get-case.asciidoc +++ b/docs/api/cases/cases-api-get-case.asciidoc @@ -9,7 +9,7 @@ Returns information about a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-cases-by-alert.asciidoc b/docs/api/cases/cases-api-get-cases-by-alert.asciidoc index 14b45f9b4b0e7..47a0c5973830a 100644 --- a/docs/api/cases/cases-api-get-cases-by-alert.asciidoc +++ b/docs/api/cases/cases-api-get-cases-by-alert.asciidoc @@ -11,7 +11,7 @@ Returns the cases associated with a specific alert. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== diff --git a/docs/api/cases/cases-api-get-comments.asciidoc b/docs/api/cases/cases-api-get-comments.asciidoc index 5f7bb938f588a..fb0e497f4ebf1 100644 --- a/docs/api/cases/cases-api-get-comments.asciidoc +++ b/docs/api/cases/cases-api-get-comments.asciidoc @@ -9,7 +9,7 @@ Gets a comment or all comments for a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-configuration.asciidoc b/docs/api/cases/cases-api-get-configuration.asciidoc index fec5eb8bdedd6..e78eaa634f716 100644 --- a/docs/api/cases/cases-api-get-configuration.asciidoc +++ b/docs/api/cases/cases-api-get-configuration.asciidoc @@ -10,7 +10,7 @@ default connector for cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-get-reporters.asciidoc b/docs/api/cases/cases-api-get-reporters.asciidoc index 9792bc77ae517..48f373c65986a 100644 --- a/docs/api/cases/cases-api-get-reporters.asciidoc +++ b/docs/api/cases/cases-api-get-reporters.asciidoc @@ -9,7 +9,7 @@ Returns information about the users who opened cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== diff --git a/docs/api/cases/cases-api-get-status.asciidoc b/docs/api/cases/cases-api-get-status.asciidoc index a6d64bc4e9585..ce9205febae5a 100644 --- a/docs/api/cases/cases-api-get-status.asciidoc +++ b/docs/api/cases/cases-api-get-status.asciidoc @@ -9,7 +9,7 @@ Returns the number of cases that are open, closed, and in progress. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== deprecated::[8.1.0] diff --git a/docs/api/cases/cases-api-get-tags.asciidoc b/docs/api/cases/cases-api-get-tags.asciidoc index e22a2f08cfda5..993c7d88f538a 100644 --- a/docs/api/cases/cases-api-get-tags.asciidoc +++ b/docs/api/cases/cases-api-get-tags.asciidoc @@ -9,7 +9,7 @@ Aggregates and returns a list of case tags. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-push.asciidoc b/docs/api/cases/cases-api-push.asciidoc index 5f7a0c268ff1c..e3bf2464d19b7 100644 --- a/docs/api/cases/cases-api-push.asciidoc +++ b/docs/api/cases/cases-api-push.asciidoc @@ -9,7 +9,7 @@ Pushes a case to an external service. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-set-configuration.asciidoc b/docs/api/cases/cases-api-set-configuration.asciidoc index a32cc555ed052..6d7e9320672e6 100644 --- a/docs/api/cases/cases-api-set-configuration.asciidoc +++ b/docs/api/cases/cases-api-set-configuration.asciidoc @@ -10,7 +10,7 @@ default connector for cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-update-comment.asciidoc b/docs/api/cases/cases-api-update-comment.asciidoc index 13adb2218029e..fc8d97e779fd0 100644 --- a/docs/api/cases/cases-api-update-comment.asciidoc +++ b/docs/api/cases/cases-api-update-comment.asciidoc @@ -9,7 +9,7 @@ Updates a comment or alert in a case. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-update-configuration.asciidoc b/docs/api/cases/cases-api-update-configuration.asciidoc index dcfe01ef84179..b30a8f0bb79b2 100644 --- a/docs/api/cases/cases-api-update-configuration.asciidoc +++ b/docs/api/cases/cases-api-update-configuration.asciidoc @@ -10,7 +10,7 @@ connector for cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/cases/cases-api-update.asciidoc b/docs/api/cases/cases-api-update.asciidoc index ca75e34597afc..46c5ac7763600 100644 --- a/docs/api/cases/cases-api-update.asciidoc +++ b/docs/api/cases/cases-api-update.asciidoc @@ -9,7 +9,7 @@ Updates one or more cases. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[open API specification]. ==== === {api-request-title} diff --git a/docs/api/machine-learning/sync.asciidoc b/docs/api/machine-learning/sync.asciidoc index af4f797ade1f2..bd65ce56dd5d1 100644 --- a/docs/api/machine-learning/sync.asciidoc +++ b/docs/api/machine-learning/sync.asciidoc @@ -9,7 +9,7 @@ Synchronizes {kib} saved objects for {ml} jobs and trained models. [NOTE] ==== For the most up-to-date API details, refer to the -{kib-repo}/tree/{branch}/x-pack/plugins/ml/common/openapi[open API specification]. For a preview, check out <>. +{kib-repo}/tree/{branch}/x-pack/plugins/ml/common/openapi[open API specification]. ==== [[machine-learning-api-sync-request]] diff --git a/docs/apis.asciidoc b/docs/apis.asciidoc deleted file mode 100644 index d85d9ce3f35eb..0000000000000 --- a/docs/apis.asciidoc +++ /dev/null @@ -1,17 +0,0 @@ -[role="exclude",id="apis"] -= APIs - -[partintro] --- - -preview::[] - -These APIs are documented using the OpenAPI specification. The current supported -version of the specification is 3.0. For more information, go to https://openapi-generator.tech/[OpenAPI Generator] - --- - -include::api-generated/cases/case-apis.asciidoc[] -include::api-generated/connectors/connector-apis.asciidoc[] -include::api-generated/machine-learning/ml-apis.asciidoc[] -include::api-generated/rules/rule-apis.asciidoc[] \ No newline at end of file diff --git a/docs/index.asciidoc b/docs/index.asciidoc index 2823529df18d3..98777c09bcdd8 100644 --- a/docs/index.asciidoc +++ b/docs/index.asciidoc @@ -29,7 +29,5 @@ include::CHANGELOG.asciidoc[] include::developer/index.asciidoc[] -include::apis.asciidoc[] - include::redirects.asciidoc[] diff --git a/docs/redirects.asciidoc b/docs/redirects.asciidoc index 02f57f5789d77..863c7b34fba32 100644 --- a/docs/redirects.asciidoc +++ b/docs/redirects.asciidoc @@ -420,3 +420,9 @@ This page has been deleted. Refer to <>. == Alerts and Actions This page has been deleted. Refer to <>. + +[role="exclude",id="apis"] +== APIs + +For the most up-to-date API details, refer to the +{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[alerting], {kib-repo}/tree/{branch}/x-pack/plugins/cases/docs/openapi[cases], {kib-repo}/tree/{branch}/x-pack/plugins/actions/docs/openapi[connectors], and {kib-repo}/tree/{branch}/x-pack/plugins/ml/common/openapi[machine learning] open API specifications.