/kibana-alerting | Type: Application | PCID required: Yes
Tools
kibana_alerting_delete_actions_connector_id
Delete a connector

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | An identifier for the connector. |

kibana_alerting_delete_maintenance_window_id
Delete a maintenance window.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the maintenance window to be deleted. |

kibana_alerting_delete_rule_id
Delete a rule

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the rule. |

kibana_alerting_delete_rule_ruleid_snooze_schedule_scheduleid
Delete a snooze schedule for a rule

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
ruleId | string | Yes | — | The identifier for the rule. |
scheduleId | string | Yes | — | The identifier for the snooze schedule. |

kibana_alerting_delete_rules_backfill_id
Delete a backfill by ID

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the backfill. |

kibana_alerting_get_actions_connector_id
Get connector information

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | An identifier for the connector. |

kibana_alerting_get_actions_connector_oauth_callback
Handle OAuth callback

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
code | string | No | — | The authorization code returned by the OAuth provider. |
state | string | No | — | The state parameter for CSRF protection. |
error | string | No | — | Error code if the authorization failed. |
error_description | string | No | — | Human-readable error description. |
session_state | string | No | — | Session state from the OAuth provider (e.g., Microsoft). |

kibana_alerting_get_actions_connector_types
Get connector types

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
feature_id | string | No | — | A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases). |

kibana_alerting_get_actions_connectors
Get all connectors

kibana_alerting_get_health
Get the alerting framework health

kibana_alerting_get_maintenance_window_find
Search for a maintenance window.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
title | string | No | — | The title of the maintenance window. |
created_by | string | No | — | The user who created the maintenance window. |
status | string[] | No | — | The status of the maintenance window. It can be “running”, “upcoming”, “finished”, “archived”, or “disabled”. |
page | number | No | — | The page number to return. |
per_page | number | No | — | The number of maintenance windows to return per page. |

kibana_alerting_get_maintenance_window_id
Get maintenance window details.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the maintenance window. |

kibana_alerting_get_rule_id
Get rule details

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the rule. |

kibana_alerting_get_rule_types
Get the rule types

kibana_alerting_get_rules_backfill_id
Get a backfill by ID

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the backfill. |

kibana_alerting_get_rules_find
Get information about rules

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
per_page | number | No | — | The number of rules to return per page. |
page | number | No | — | The page number to return. |
search | string | No | — | An Elasticsearch simple_query_string query that filters the objects in the response. |
default_search_operator | string | No | — | The default operator to use for the simple_query_string. |
search_fields | string[] | No | — | The fields to perform the simple_query_string parsed query against. |
sort_field | string | No | — | Determines which field is used to sort the results. The field must exist in the attributes key of the response. |
sort_order | string | No | — | Determines the sort order. |
has_reference | object | No | — | Filters the rules that have a relation with the reference objects with a specific type and identifier. |
fields | string[] | No | — | The fields to return in the attributes key of the response. |
filter | string | No | — | A KQL string that you filter with an attribute from your saved object. It should look like savedObjectType.attributes.title: "myTitle". However, if you used a direct attribute of a saved object, such as updatedAt, you must define your filter, for example, savedObjectType.updatedAt > 2018-12-22. |
filter_consumers | string[] | No | — | Filter Consumers |

kibana_alerting_patch_maintenance_window_id
Update a maintenance window.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The id value |
enabled | boolean | No | — | Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. |
schedule | object | No | — | The schedule value |
scope | object | No | — | The scope value |
title | string | No | — | The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. |

kibana_alerting_post_actions_connector_id
Create a connector

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | An identifier for the connector. |
config | object | No | — | The connector configuration details. |
connector_type_id | string | Yes | — | The type of connector. |
name | string | Yes | — | The display name for the connector. |
secrets | object | No | — | The secrets value |

kibana_alerting_post_actions_connector_id_execute
Run a connector

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | An identifier for the connector. |
params | object | Yes | — | The params value |

kibana_alerting_post_maintenance_window
Create a maintenance window.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
enabled | boolean | No | — | Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. |
schedule | object | Yes | — | The schedule value |
scope | object | No | — | The scope value |
title | string | Yes | — | The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. |

kibana_alerting_post_maintenance_window_id_archive
Archive a maintenance window.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the maintenance window to be archived. |

kibana_alerting_post_maintenance_window_id_unarchive
Unarchive a maintenance window.

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the maintenance window to be unarchived. |

kibana_alerting_post_rule_id
Create a rule

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the rule. If it is omitted, an ID is randomly generated. |
actions | object[] | No | — | The actions value |
alert_delay | object | No | — | Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. |
artifacts | object | No | — | The artifacts value |
consumer | string | Yes | — | The name of the application or feature that owns the rule. For example: alerts, apm, discover, infrastructure, logs, metrics, ml, monitoring, securitySolution, siem, stackAlerts, or uptime. |
enabled | boolean | No | — | Indicates whether you want to run the rule on an interval basis after it is created. |
flapping | object | No | — | When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. |
name | string | Yes | — | The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. |
notify_when | string | No | — | Indicates how often alerts generate actions. Valid values include: onActionGroupChange: Actions run when the alert status changes; onActiveAlert: Actions run when the alert becomes active and at each check interval while the rule conditions are met; onThrottleInterval: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify notify_when at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. |
params | object | No | — | The parameters for the rule. |
rule_type_id | string | Yes | — | The rule type identifier. |
schedule | object | Yes | — | The check interval, which specifies how frequently the rule conditions are checked. |
tags | string[] | No | — | The tags for the rule. |
throttle | string | No | — | Use the throttle property in the action frequency object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. |

kibana_alerting_post_rule_id_disable
Disable a rule

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the rule. |
untrack | boolean | No | — | Defines whether this rule’s alerts should be untracked. |

kibana_alerting_post_rule_id_enable
Enable a rule

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the rule. |

kibana_alerting_post_rule_id_mute_all
Mute all alerts

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the rule. |

kibana_alerting_post_rule_id_snooze_schedule
Schedule a snooze for the rule

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | Identifier of the rule. |
schedule | object | Yes | — | The schedule value |

kibana_alerting_post_rule_id_unmute_all
Unmute all alerts

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the rule. |

kibana_alerting_post_rule_id_update_api_key
Update the API key for a rule

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the rule. |

kibana_alerting_post_rule_rule_id_alert_alert_id_mute
Mute an alert

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
rule_id | string | Yes | — | The identifier for the rule. |
alert_id | string | Yes | — | The identifier for the alert. |
validate_alerts_existence | boolean | No | — | Whether to validate the existence of the alert. |

kibana_alerting_post_rule_rule_id_alert_alert_id_unmute
Unmute an alert

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
rule_id | string | Yes | — | The identifier for the rule. |
alert_id | string | Yes | — | The identifier for the alert. |

kibana_alerting_post_rules_backfill_find
Find backfills for rules

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
end | string | No | — | The end date for filtering backfills. |
page | number | No | — | The page number to return. |
per_page | number | No | — | The number of backfills to return per page. |
rule_ids | string | No | — | A comma-separated list of rule identifiers. |
initiator | string | No | — | The initiator of the backfill, either user for manual backfills or system for automatic gap fills. |
start | string | No | — | The start date for filtering backfills. |
sort_field | string | No | — | The field to sort backfills by. |
sort_order | string | No | — | The sort order. |

kibana_alerting_post_rules_backfill_schedule
Schedule a backfill for rules

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
body | object[] | No | — | Request body |

kibana_alerting_put_actions_connector_id
Update a connector

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | An identifier for the connector. |
config | object | No | — | The connector configuration details. |
name | string | Yes | — | The display name for the connector. |
secrets | object | No | — | The secrets value |

kibana_alerting_put_rule_id
Update a rule

Parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | Yes | — | The identifier for the rule. |
actions | object[] | No | — | The actions value |
alert_delay | object | No | — | Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. |
artifacts | object | No | — | The artifacts value |
flapping | object | No | — | When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. |
name | string | Yes | — | The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. |
notify_when | string | No | — | Indicates how often alerts generate actions. Valid values include: onActionGroupChange: Actions run when the alert status changes; onActiveAlert: Actions run when the alert becomes active and at each check interval while the rule conditions are met; onThrottleInterval: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify notify_when at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. |
params | object | No | — | The parameters for the rule. |
schedule | object | Yes | — | The schedule value |
tags | string[] | No | — | The tags value |
throttle | string | No | — | Use the throttle property in the action frequency object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. |

