From 37d6545699b3dd68b7bf7bc40a1aa86af2a44bd6 Mon Sep 17 00:00:00 2001 From: "Christiane (Tina) Heiligers" Date: Tue, 3 Sep 2024 15:59:50 -0700 Subject: [PATCH] [docs] Document internal API restriction in 9.0 (#191943) fix: https://github.com/elastic/kibana/issues/191941 Adds note that access to internal APIs will be restricted as of 9.0: ![document-restricted-internal-API-access](https://github.com/user-attachments/assets/56b5c43d-ff6f-4b5b-8c18-2cbe1a1de7c3) - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials --------- Co-authored-by: Elastic Machine Co-authored-by: lcawl --- docs/user/api.asciidoc | 2 + oas_docs/kibana.info.yaml | 6 +- oas_docs/output/kibana.serverless.yaml | 23196 ++++++++++------------- oas_docs/output/kibana.yaml | 5748 +----- 4 files changed, 10629 insertions(+), 18323 deletions(-) diff --git a/docs/user/api.asciidoc b/docs/user/api.asciidoc index 03ad9763fb4384..3c9b6deebe3c47 100644 --- a/docs/user/api.asciidoc +++ b/docs/user/api.asciidoc @@ -5,6 +5,8 @@ Some {kib} features are provided via a REST API, which is ideal for creating an integration with {kib}, or automating certain aspects of configuring and deploying {kib}. +NOTE: Access to internal {kib} API endpoints will be restricted in 9.0. Please move any integrations to publicly documented APIs. + NOTE: For the latest details, refer to {api-kibana}[{kib} API]. [float] diff --git a/oas_docs/kibana.info.yaml b/oas_docs/kibana.info.yaml index 40795333fcf448..534d88c6f23b54 100644 --- a/oas_docs/kibana.info.yaml +++ b/oas_docs/kibana.info.yaml @@ -24,6 +24,10 @@ info: ``` For more information about the console, refer to [Run API requests](https://www.elastic.co/guide/en/kibana/current/console-kibana.html). + + NOTE: Access to internal Kibana API endpoints will be restricted in Kibana version 9.0. Please move any integrations to publicly documented APIs. + + version: '1.0.2' license: name: Attribution-NonCommercial-NoDerivatives 4.0 International @@ -53,4 +57,4 @@ components: For example: `Authorization: ApiKey base64AccessApiKey` basicAuth: type: http - scheme: basic \ No newline at end of file + scheme: basic diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 95791618ee7e2c..0b90ed3464d8ae 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -64,10 +64,6 @@ servers: port: default: '5601' - url: 'http://localhost:5622' - - url: 'https://{kibanaUrl}' - variables: - kibanaUrl: - default: 'localhost:5601' - url: 'https://{kibana_url}' variables: kibana_url: @@ -231,6 +227,7 @@ paths: - $ref: '#/components/parameters/Fleet_page_size' - $ref: '#/components/parameters/Fleet_page_index' - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' - description: >- When set to true, retrieve the related package policies for each agent policy. @@ -302,7 +299,8 @@ paths: /agent_policies/_bulk_get: post: operationId: bulk-get-agent-policies - parameters: [] + parameters: + - $ref: '#/components/parameters/Fleet_format' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: @@ -368,6 +366,7 @@ paths: required: true schema: type: string + - $ref: '#/components/parameters/Fleet_format' put: operationId: update-agent-policy parameters: @@ -401,6 +400,7 @@ paths: required: true schema: type: string + - $ref: '#/components/parameters/Fleet_format' post: operationId: agent-policy-copy parameters: @@ -1440,7 +1440,7 @@ paths: - agent2 rollout_duration_seconds: 3600 source_uri: 'https://artifacts.elastic.co/downloads/beats/elastic-agent' - start_time: '2022-08-03T14:00:00.000Z' + start_time: 2022-08-03T14:00:00.000Z version: 8.4.0 schema: $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' @@ -1583,259 +1583,184 @@ paths: summary: List agent tags tags: - Elastic Agents - /api/actions/connector: + /api/actions: + get: + deprecated: true + operationId: '%2Fapi%2Factions#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: {} + summary: Get all connectors + tags: + - connectors + /api/actions/action: post: - description: The connector identifier is randomly generated. - operationId: createConnector + deprecated: true + operationId: '%2Fapi%2Factions%2Faction#0' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createEmailConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_email_connector_request - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request - createWebhookConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_request - createXmattersConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_request schema: - $ref: '#/components/schemas/Connectors_create_connector_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createEmailConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_email_connector_response - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response - createWebhookConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_response - createXmattersConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_response - schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector with a random ID - tags: - - connectors - /api/actions/connector_types: - get: - operationId: getConnectorTypes - parameters: - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). - in: query - name: feature_id - schema: - $ref: '#/components/schemas/Connectors_features' + additionalProperties: false + type: object + properties: + actionTypeId: + description: The connector type identifier. + type: string + config: + additionalProperties: {} + default: {} + type: object + name: + description: The display name for the connector. + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name + - actionTypeId responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorTypesServerlessResponse: - $ref: >- - #/components/examples/Connectors_get_connector_types_generativeai_response - schema: - description: The properties vary for each connector type. - items: - type: object - properties: - enabled: - description: >- - Indicates whether the connector type is enabled in - Kibana. - example: true - type: boolean - enabled_in_config: - description: >- - Indicates whether the connector type is enabled in the - Kibana configuration file. - example: true - type: boolean - enabled_in_license: - description: >- - Indicates whether the connector is enabled in the - license. - example: true - type: boolean - id: - $ref: '#/components/schemas/Connectors_connector_types' - is_system_action_type: - example: false - type: boolean - minimum_license_required: - description: The license that is required to use the connector type. - example: basic - type: string - name: - description: The name of the connector type. - example: Index - type: string - supported_feature_ids: - description: The features that are supported by the connector type. - example: - - alerting - - cases - - siem - items: - $ref: '#/components/schemas/Connectors_features' - type: array - title: Get connector types response body properties - type: array description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connector types + summary: Create a connector tags: - connectors - '/api/actions/connector/{connectorId}': + '/api/actions/action/{id}': delete: - operationId: deleteConnector + deprecated: true + description: 'WARNING: When you delete a connector, it cannot be recovered.' + operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#0' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string responses: '204': description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' summary: Delete a connector tags: - connectors get: - operationId: getConnector - parameters: - - $ref: '#/components/parameters/Connectors_connector_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorResponse: - $ref: '#/components/examples/Connectors_get_connector_response' - schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Get a connector information - tags: - - connectors - post: - operationId: createConnectorId + deprecated: true + operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#1' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - description: > - A UUID v1 or v4 identifier for the connector. If you omit this - parameter, an identifier is randomly generated. + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: An identifier for the connector. in: path - name: connectorId + name: id required: true schema: - example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request - schema: - $ref: '#/components/schemas/Connectors_create_connector_request' - required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response - schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector + summary: Get connector information tags: - connectors put: - operationId: updateConnector + deprecated: true + operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#2' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_update_index_connector_request schema: - $ref: '#/components/schemas/Connectors_update_connector_request' - required: true + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + default: {} + type: object + name: + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' description: Indicates a successful call. - '400': - $ref: '#/components/responses/Connectors_401' - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' summary: Update a connector tags: - connectors - /api/actions/connectors: - get: - operationId: getConnectors - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorsResponse: - $ref: '#/components/examples/Connectors_get_connectors_response' - schema: - items: - $ref: >- - #/components/schemas/Connectors_connector_response_properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connectors - tags: - - connectors - '/api/alerting/rule/{id}': - delete: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2' + '/api/actions/action/{id}/_execute': + post: + deprecated: true + operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D%2F_execute#0' parameters: - description: The version of the API to use in: header @@ -1852,20 +1777,34 @@ paths: schema: example: 'true' type: string - - description: The identifier for the rule. + - description: An identifier for the connector. in: path name: id required: true schema: type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + params: + additionalProperties: {} + type: object + required: + - params responses: - '204': + '200': description: Indicates a successful call. - summary: Delete a rule + summary: Run a connector tags: - - alerting + - connectors + /api/actions/connector_types: get: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0' + description: You do not need any Kibana feature privileges to run this API. + operationId: '%2Fapi%2Factions%2Fconnector_types#0' parameters: - description: The version of the API to use in: header @@ -1875,12936 +1814,9920 @@ paths: enum: - '2023-10-31' type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - summary: Get rule details - tags: - - alerting - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The identifier for the rule. If it is omitted, an ID is randomly - generated. - in: path - name: id - required: false - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Conditions that affect whether the action runs. If you - specify multiple conditions, all conditions must be - met for the action to run. For example, if an alert - occurs within the specified time frame and matches the - query, the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, `infrastructure`, - `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, - `siem`, `stackAlerts`, or `uptime`. - type: string - enabled: - default: true - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - rule_type_id: - description: The rule type identifier. - type: string - schedule: - additionalProperties: false - description: >- - The check interval, which specifies how frequently the rule - conditions are checked. - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - description: The tags for the rule. - items: - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - rule_type_id - - consumer - - schedule - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - summary: Create a rule - tags: - - alerting - put: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - items: - description: The tags for the rule. - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - schedule - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - summary: Update a rule - tags: - - alerting - '/api/alerting/rule/{id}/_disable': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - untrack: - description: Defines whether this rule's alerts should be untracked. - type: boolean - x-oas-optional: true - responses: - '204': - description: Indicates a successful call. - summary: Disable a rule - tags: - - alerting - '/api/alerting/rule/{id}/_enable': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Enable a rule - tags: - - alerting - '/api/alerting/rule/{id}/_mute_all': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Mute all alerts - tags: - - alerting - '/api/alerting/rule/{id}/_unmute_all': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Unmute all alerts - tags: - - alerting - '/api/alerting/rule/{id}/_update_api_key': - post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Update the API key for a rule - tags: - - alerting - '/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute': - post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Mute an alert - tags: - - alerting - '/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute': - post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Unmute an alert - tags: - - alerting - /api/alerting/rules/_find: - get: - operationId: '%2Fapi%2Falerting%2Frules%2F_find#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The number of rules to return per page. - in: query - name: per_page - required: false - schema: - default: 10 - minimum: 0 - type: number - - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: number - - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. - in: query - name: search - required: false - schema: - type: string - - description: The default operator to use for the simple_query_string. - in: query - name: default_search_operator - required: false - schema: - default: OR - enum: - - OR - - AND - type: string - - description: The fields to perform the simple_query_string parsed query against. - in: query - name: search_fields - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - description: >- - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. - in: query - name: sort_field - required: false - schema: - type: string - - description: Determines the sort order. - in: query - name: sort_order - required: false - schema: - enum: - - asc - - desc - type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. - in: query - name: has_reference - required: false - schema: - additionalProperties: false - nullable: true - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - - in: query - name: fields - required: false - schema: - items: - description: The fields to return in the `attributes` key of the response. - type: string - type: array - - description: >- - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. - in: query - name: filter - required: false - schema: - type: string - - in: query - name: filter_consumers - required: false - schema: - items: - description: List of consumers to filter. - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: 'Indicates the start of week, defaults to Monday.' - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - summary: Get information about rules - tags: - - alerting - /api/apm/agent_keys: - post: - description: Create a new agent key for APM. - operationId: createAgentKey - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - name: - type: string - privileges: - items: - enum: - - 'event:write' - - 'config_agent:read' - type: string - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - api_key: - type: string - encoded: - type: string - expiration: - format: int64 - type: integer - id: - type: string - name: - type: string - description: Agent key created successfully - summary: Create an APM agent key - tags: - - APM agent keys - '/api/apm/services/{serviceName}/annotation': - post: - description: Create a new annotation for a specific service. - operationId: createAnnotation - parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - '@timestamp': - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - version: - type: string - tags: - items: - type: string - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _id: - type: string - _index: - type: string - _source: - type: object - properties: - '@timestamp': - type: string - annotation: - type: string - event: - type: object - properties: - created: - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - name: - type: string - version: - type: string - tags: - items: - type: string - type: array - description: Annotation created successfully - summary: Create a service annotation - tags: - - APM annotations - '/api/apm/services/{serviceName}/annotation/search': - get: - description: Search for annotations related to a specific service. - operationId: getAnnotation - parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - - description: The environment to filter annotations by - in: query - name: environment - required: false - schema: - type: string - - description: The start date for the search - in: query - name: start - required: false - schema: - type: string - - description: The end date for the search - in: query - name: end - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - annotations: - items: - type: object - properties: - '@timestamp': - type: number - id: - type: string - text: - type: string - type: - enum: - - version - type: string - type: array - description: Successful response - summary: Search for annotations - tags: - - APM annotations - /api/data_views: - get: - operationId: getAllDataViewsDefault - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getAllDataViewsResponse: - $ref: '#/components/examples/Data_views_get_data_views_response' - schema: - type: object - properties: - data_view: - items: - type: object - properties: - id: - type: string - name: - type: string - namespaces: - items: - type: string - type: array - title: - type: string - typeMeta: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get all data views - tags: - - data views - /api/data_views/data_view: - post: - operationId: createDataViewDefaultw - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createDataViewRequest: - $ref: '#/components/examples/Data_views_create_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_create_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create a data view - tags: - - data views - '/api/data_views/data_view/{viewId}': - delete: - description: | - WARNING: When you delete a data view, it cannot be recovered. - operationId: deleteDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '204': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a data view - tags: - - data views - get: - operationId: getDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDataViewResponse: - $ref: '#/components/examples/Data_views_get_data_view_response' - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a data view - tags: - - data views - post: - operationId: updateDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateDataViewRequest: - $ref: '#/components/examples/Data_views_update_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_update_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a data view - tags: - - data views - '/api/data_views/data_view/{viewId}/fields': - post: - description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. - operationId: updateFieldsMetadataDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateFieldsMetadataRequest: - $ref: '#/components/examples/Data_views_update_field_metadata_request' - schema: - type: object - properties: - fields: - description: The field object. - type: object - required: - - fields - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update data view fields metadata - tags: - - data views - '/api/data_views/data_view/{viewId}/runtime_field': - post: - operationId: createRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - summary: Create a runtime field - tags: - - data views - put: - operationId: createUpdateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - description: | - The ID of the data view fields you want to update. - in: path - name: viewId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create or update a runtime field - tags: - - data views - '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': - delete: - operationId: deleteRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a runtime field from a data view - tags: - - data views - get: - operationId: getRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuntimeFieldResponse: - $ref: '#/components/examples/Data_views_get_runtime_field_response' - schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a runtime field - tags: - - data views - post: - operationId: updateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_update_runtime_field_request' - schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField - required: true - responses: - '200': - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a runtime field - tags: - - data views - /api/data_views/default: - get: - operationId: getDefaultDataViewDefault - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response - schema: - type: object - properties: - data_view_id: - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get the default data view - tags: - - data views - post: - operationId: setDefaultDatailViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - setDefaultDataViewRequest: - $ref: '#/components/examples/Data_views_set_default_data_view_request' - schema: - type: object - properties: - data_view_id: - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. - nullable: true - type: string - force: - default: false - description: Update an existing default data view identifier. - type: boolean - required: - - data_view_id - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Set the default data view - tags: - - data views - /api/data_views/swap_references: - post: - description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. - operationId: swapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - swapDataViewRequest: - $ref: '#/components/examples/Data_views_swap_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleteStatus: - type: object - properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Swap saved object references - tags: - - data views - /api/data_views/swap_references/_preview: - post: - description: > - Preview the impact of swapping saved object references from one data - view identifier to another. - operationId: previewSwapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - previewSwapDataViewRequest: - $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Preview a saved object reference swap - tags: - - data views - /api/ml/saved_objects/sync: - get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models. This API runs automatically when you start Kibana and - periodically thereafter. - operationId: mlSync - parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync machine learning saved objects - tags: - - ml - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_request - schema: - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: - type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array - required: true - responses: - '200': - content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_response - schema: - additionalProperties: true - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Export saved objects - tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_request - schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_response - schema: - type: object - properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Import saved objects - tags: - - saved objects - /api/status: - get: - operationId: '%2Fapi%2Fstatus#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status - tags: - - system - /data_streams: - get: - operationId: data-streams-list - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data_streams: - items: - $ref: '#/components/schemas/Fleet_data_stream' - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List data streams - tags: - - Data streams - parameters: [] - /enrollment_api_keys: - get: - operationId: get-enrollment-api-keys - parameters: [] - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - page - - perPage - - total - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys - tags: - - Fleet enrollment API keys - post: - operationId: create-enrollment-api-keys - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key - tags: - - Fleet enrollment API keys - '/enrollment_api_keys/{keyId}': - delete: - operationId: delete-enrollment-api-key - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete enrollment API key by ID - tags: - - Fleet enrollment API keys - get: - operationId: get-enrollment-api-key - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID - tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId - required: true - schema: - type: string - /enrollment-api-keys: - get: - deprecated: true - operationId: get-enrollment-api-keys-deprecated - parameters: [] - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - page - - perPage - - total - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys - tags: - - Fleet enrollment API keys - post: - deprecated: true - operationId: create-enrollment-api-keys-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key - tags: - - Fleet enrollment API keys - '/enrollment-api-keys/{keyId}': - delete: - deprecated: true - operationId: delete-enrollment-api-key-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete enrollment API key by ID - tags: - - Fleet enrollment API keys - get: - deprecated: true - operationId: get-enrollment-api-key-deprecated - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID - tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId - required: true - schema: - type: string - /epm/bulk_assets: - post: - operationId: bulk-get-assets - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - assetIds: - description: list of items necessary to fetch assets - items: - type: object - properties: - id: - type: string - type: - type: string - type: array - required: - - assetIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_get_bulk_assets_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get assets - tags: - - Elastic Package Manager (EPM) - /epm/categories: - get: - operationId: get-package-categories - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_get_categories_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List package categories - tags: - - Elastic Package Manager (EPM) - parameters: - - description: >- - Whether to include prerelease packages in categories count (e.g. beta, - rc, preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - - in: query - name: include_policy_templates - schema: - default: false - type: boolean - /epm/packages: - get: - operationId: list-all-packages - parameters: - - description: >- - Whether to exclude the install status of each package. Enabling this - option will opt in to caching for the response via `cache-control` - headers. If you don't need up-to-date installation info for a - package, and are querying for a list of available packages, - providing this flag can improve performance substantially. - in: query - name: excludeInstallStatus - schema: - default: false - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - - in: query - name: category - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_get_packages_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List packages - tags: - - Elastic Package Manager (EPM) - post: - description: '' - operationId: install-package-by-upload - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean - requestBody: - content: - application/gzip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - application/zip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _meta: - type: object - properties: - install_source: - enum: - - upload - - registry - - bundled - type: string - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '429': - $ref: '#/components/responses/Fleet_error' - summary: Install by package by direct upload - tags: - - Elastic Package Manager (EPM) - /epm/packages/_bulk: - post: - operationId: bulk-install-packages - parameters: - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - description: force install to ignore package verification errors - type: boolean - packages: - description: list of packages to install - items: - oneOf: - - description: package name - type: string - - type: object - properties: - name: - description: package name - type: string - version: - description: package version - type: string - type: array - required: - - packages - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_bulk_install_packages_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk install packages - tags: - - Elastic Package Manager (EPM) - '/epm/packages/{pkgkey}': - delete: - deprecated: true - operationId: delete-package-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgkey - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - response - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete ackage - tags: - - Elastic Package Manager (EPM) - get: - deprecated: true - operationId: get-package-deprecated - parameters: - - in: path - name: pkgkey - required: true - schema: - type: string - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - properties: - response: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - savedObject: - type: string - status: - enum: - - installed - - installing - - install_failed - - not_installed - type: string - required: - - status - - savedObject - type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package - tags: - - Elastic Package Manager (EPM) - post: - deprecated: true - description: '' - operationId: install-package-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgkey - required: true - schema: - type: string - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - response - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Install package - tags: - - Elastic Package Manager (EPM) - '/epm/packages/{pkgName}/{pkgVersion}': - delete: - operationId: delete-package - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: delete package even if policies used by agents - in: query - name: force - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - deprecated: true - type: object - properties: - force: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package - tags: - - Elastic Package Manager (EPM) - get: - operationId: get-package - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - properties: - item: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - licensePath: - type: string - notice: - type: string - savedObject: - deprecated: true - type: object - status: - enum: - - installed - - installing - - install_failed - - not_installed - type: string - required: - - status - - savedObject - type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package - tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - - description: >- - Return all fields from the package manifest, not just those supported - by the Elastic Package Registry - in: query - name: full - schema: - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - post: - description: '' - operationId: install-package - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - ignore_constraints: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _meta: - type: object - properties: - install_source: - enum: - - registry - - upload - - bundled - type: string - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Install package - tags: - - Elastic Package Manager (EPM) - put: - description: '' - operationId: update-package - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - keepPoliciesUpToDate: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package settings - tags: - - Elastic Package Manager (EPM) - '/epm/packages/{pkgName}/{pkgVersion}/{filePath}': - get: - operationId: packages-get-file - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: object - headers: - type: object - statusCode: - type: number - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package file - tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: path - name: filePath - required: true - schema: - type: string - '/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': - post: - description: '' - operationId: reauthorize-transforms - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: >- - Whether to include prerelease packages in categories count (e.g. - beta, rc, preview) - in: query - name: prerelease - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - transforms: - items: - type: object - properties: - transformId: - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - type: object - properties: - error: - type: string - success: - type: boolean - transformId: - type: string - required: - - transformId - - error - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Authorize transforms - tags: - - Elastic Package Manager (EPM) - '/epm/packages/{pkgName}/stats': - get: - operationId: get-package-stats - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - response: - $ref: '#/components/schemas/Fleet_package_usage_stats' - required: - - response - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package stats - tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - /epm/packages/limited: - get: - operationId: list-limited-packages - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - type: string - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get limited package list - tags: - - Elastic Package Manager (EPM) - parameters: [] - '/epm/templates/{pkgName}/{pkgVersion}/inputs': - get: - operationId: get-inputs-template - responses: - '200': - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get inputs template - tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: Format of response - json or yaml - in: query - name: format - schema: - enum: - - json - - yaml - - yml - type: string - - description: Specify if version is prerelease - in: query - name: prerelease - schema: - type: boolean - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - /epm/verification_key_id: - get: - operationId: packages-get-verification-key-id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: object - properties: - id: - description: >- - the key ID of the GPG key used to verify package - signatures - nullable: true - type: string - headers: - type: object - statusCode: - type: number - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package signature verification key ID - tags: - - Elastic Package Manager (EPM) - parameters: [] - /fleet_server_hosts: - get: - operationId: get-fleet-server-hosts - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_fleet_server_host' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List Fleet Server hosts - tags: - - Fleet Server hosts - post: - operationId: post-fleet-server-hosts - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host_urls: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. - type: string - required: - - name - - host_urls - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create Fleet Server host - tags: - - Fleet Server hosts - '/fleet_server_hosts/{itemId}': - delete: - operationId: delete-fleet-server-hosts - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete Fleet Server host by ID - tags: - - Fleet Server hosts - get: - operationId: get-one-fleet-server-hosts - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get Fleet Server host by ID - tags: - - Fleet Server hosts - parameters: - - in: path - name: itemId - required: true - schema: - type: string - put: - operationId: update-fleet-server-hosts - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host_urls: - items: - type: string - type: array - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. - nullable: true - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update Fleet Server host by ID - tags: - - Fleet Server hosts - /health_check: - post: - operationId: fleet-server-health-check - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host: - deprecated: true - type: string - id: - type: string - required: - - id - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host: - deprecated: true - type: string - id: - description: Fleet Server host id - type: string - status: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Fleet Server health check - tags: - - Fleet internals - /kubernetes: - get: - operationId: get-full-k8s-manifest - parameters: - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get full K8s agent manifest - tags: - - Fleet Kubernetes - /logstash_api_keys: - post: - operationId: generate-logstash-api-key - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - api_key: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Generate Logstash API key - tags: - - Fleet outputs - /outputs: - get: - operationId: get-outputs - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_output_create_request' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List outputs - tags: - - Fleet outputs - post: - operationId: post-outputs - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_output_create_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create output - tags: - - Fleet outputs - '/outputs/{outputId}': - delete: - operationId: delete-output - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete output by ID - tags: - - Fleet outputs - get: - operationId: get-output - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get output by ID - tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - put: - operationId: update-output - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_output_update_request' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_update_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update output by ID - tags: - - Fleet outputs - '/outputs/{outputId}/health': - get: - operationId: get-output-health - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - description: long message if unhealthy - type: string - state: - description: 'state of output, HEALTHY or DEGRADED' - type: string - timestamp: - description: timestamp of reported state - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get latest output health - tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - /package_policies: - get: - operationId: get-package-policies - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_format' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_package_policy' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List package policies - tags: - - Fleet package policies - parameters: [] - post: - operationId: create-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - description: >- - You should use inputs as an object and not use the deprecated inputs - array. - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Create package policy - tags: - - Fleet package policies - /package_policies/_bulk_get: - post: - operationId: bulk-get-package-policies - parameters: - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_package_policy' - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get package policies - tags: - - Fleet package policies - '/package_policies/{packagePolicyId}': - delete: - operationId: delete-package-policy - parameters: - - in: query - name: force - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy by ID - tags: - - Fleet package policies - get: - operationId: get-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_format' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package policy by ID - tags: - - Fleet package policies - parameters: - - in: path - name: packagePolicyId - required: true - schema: - type: string - put: - operationId: update-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - sucess: - type: boolean - required: - - item - - sucess - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package policy by ID - tags: - - Fleet package policies - /package_policies/delete: - post: - operationId: post-delete-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy - tags: - - Fleet package policies - /package_policies/upgrade: - post: - operationId: upgrade-package-policy - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade package policy to a newer package version - tags: - - Fleet package policies - /package_policies/upgrade/dryrun: - post: - operationId: upgrade-package-policy-dry-run - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - packageVersion: - type: string - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - agent_diff: - $ref: '#/components/schemas/Fleet_upgrade_agent_diff' - diff: - $ref: '#/components/schemas/Fleet_upgrade_diff' - hasErrors: - type: boolean - required: - - hasErrors - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Dry run package policy upgrade - tags: - - Fleet package policies - /proxies: - get: - operationId: get-fleet-proxies - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_proxies' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List proxies - tags: - - Fleet proxies - post: - operationId: post-fleet-proxies - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - id: - type: string - name: - type: string - proxy_headers: - type: object - url: - type: string - required: - - name - - url - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create proxy - tags: - - Fleet proxies - '/proxies/{itemId}': - delete: - operationId: delete-fleet-proxies - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete proxy by ID - tags: - - Fleet proxies - get: - operationId: get-one-fleet-proxies - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get proxy by ID - tags: - - Fleet proxies - parameters: - - in: path - name: itemId - required: true - schema: - type: string - put: - operationId: update-fleet-proxies - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - name: - type: string - proxy_headers: - type: object - url: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update proxy by ID - tags: - - Fleet proxies - '/s/{spaceId}/api/observability/slos': - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery - schema: - type: string - - description: 'The page to use for pagination, must be greater or equal than 1' - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy - schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - type: string - - description: Sort order - example: asc - in: query - name: sortDirection - schema: - default: asc - enum: - - asc - - desc - type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs - tags: - - slo - post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - servers: - - url: 'https://localhost:5601' - summary: Create an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/_delete_instances': - post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' - required: true - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - servers: - - url: 'https://localhost:5601' - summary: Batch delete rollup and summary data - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}': - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO - tags: - - slo - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO - tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_update_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/_reset': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/disable': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/enable': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO - tags: - - slo - /service_tokens: - post: - operationId: generate-service-token - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - name: - type: string - value: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create service token - tags: - - Fleet service tokens - /service-tokens: - post: - deprecated: true - operationId: generate-service-token-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - name: - type: string - value: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create service token - tags: - - Fleet service tokens - /settings: - get: - operationId: get-settings - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get settings - tags: - - Fleet internals - put: - operationId: update-settings - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - additional_yaml_config: - type: string - fleet_server_hosts: - description: Protocol and path must be the same for each URL - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update settings - tags: - - Fleet internals - /settings/enrollment: - get: - operationId: get-enrollment-settings - parameters: - - description: >- - An agent policy ID to scope the enrollment settings to. For example, - that policy's Fleet Server host, its proxy, download location, etc. - If not provided, the default Fleet Server policy is used (if any). - in: query - name: agentPolicyId - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_settings_enrollment_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment settings - tags: - - Fleet internals - servers: - - description: Used for Fleet internals and not supported - url: 'http://KIBANA_HOST:5601/internal/fleet' - /setup: - post: - operationId: setup - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - description: Internal Server Error - summary: Initiate Fleet setup - tags: - - Fleet internals - /uninstall_tokens: - get: - operationId: get-uninstall-tokens - parameters: - - description: The number of items to return - in: query - name: perPage - required: false - schema: - default: 20 - minimum: 5 - type: integer - - $ref: '#/components/parameters/Fleet_page_index' - - description: Partial match filtering for policy IDs - in: query - name: policyId - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - type: object - properties: - created_at: - type: string - id: - type: string - policy_id: - type: string - required: - - id - - policy_id - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List metadata for latest uninstall tokens per agent policy - tags: - - Fleet uninstall tokens - '/uninstall_tokens/{uninstallTokenId}': - get: - operationId: get-uninstall-token - parameters: - - in: path - name: uninstallTokenId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - type: object - properties: - created_at: - type: string - id: - type: string - policy_id: - type: string - token: - type: string - required: - - id - - token - - policy_id - - created_at - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get one decrypted uninstall token by its ID - tags: - - Fleet uninstall tokens -components: - examples: - Connectors_create_email_connector_request: - summary: Create an email connector. - value: - config: - from: tester@example.com - hasAuth: true - host: 'https://example.com' - port: 1025 - secure: false - service: other - connector_type_id: .email - name: email-connector-1 - secrets: - password: password - user: username - Connectors_create_email_connector_response: - summary: A new email connector. - value: - config: - clientId: null - from: tester@example.com - hasAuth: true - host: 'https://example.com' - oauthTokenUrl: null - port: 1025 - secure: false - service: other - tenantId: null - connector_type_id: .email - id: 90a82c60-478f-11ee-a343-f98a117c727f - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: email-connector-1 - Connectors_create_index_connector_request: - summary: Create an index connector. - value: - config: - index: test-index - connector_type_id: .index - name: my-connector - Connectors_create_index_connector_response: - summary: A new index connector. - value: - config: - executionTimeField: null - index: test-index - refresh: false - connector_type_id: .index - id: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-connector - Connectors_create_webhook_connector_request: - summary: Create a webhook connector with SSL authentication. - value: - config: - authType: webhook-authentication-ssl - certType: ssl-crt-key - method: post - url: 'https://example.com' - connector_type_id: .webhook - name: my-webhook-connector - secrets: - crt: QmFnIEF0dH... - key: LS0tLS1CRUdJ... - password: my-passphrase - Connectors_create_webhook_connector_response: - summary: A new webhook connector. - value: - config: - authType: webhook-authentication-ssl - certType: ssl-crt-key - hasAuth: true - headers: null - method: post - url: 'https://example.com' - verificationMode: full - connector_type_id: .webhook - id: 900eb010-3b9d-11ee-a642-8ffbb94e38bd - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-webhook-connector - Connectors_create_xmatters_connector_request: - summary: Create an xMatters connector with URL authentication. - value: - config: - usesBasic: false - connector_type_id: .xmatters - name: my-xmatters-connector - secrets: - secretsUrl: 'https://example.com?apiKey=xxxxx' - Connectors_create_xmatters_connector_response: - summary: A new xMatters connector. - value: - config: - configUrl: null - usesBasic: false - connector_type_id: .xmatters - id: 4d2d8da0-4d1f-11ee-9367-577408be4681 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-xmatters-connector - Connectors_get_connector_response: - summary: Get connector details. - value: - config: {} - connector_type_id: .server-log - id: df770e30-8b8b-11ed-a780-3b746c987a81 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my_server_log_connector - Connectors_get_connector_types_generativeai_response: - summary: A list of connector types for the `generativeAI` feature. - value: - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .gen-ai - is_system_action_type: false - minimum_license_required: enterprise - name: OpenAI - supported_feature_ids: - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .bedrock - is_system_action_type: false - minimum_license_required: enterprise - name: AWS Bedrock - supported_feature_ids: - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .gemini - is_system_action_type: false - minimum_license_required: enterprise - name: Google Gemini - supported_feature_ids: - - generativeAIForSecurity - Connectors_get_connectors_response: - summary: A list of connectors - value: - - connector_type_id: .email - id: preconfigured-email-connector - is_deprecated: false - is_preconfigured: true - is_system_action: false - name: my-preconfigured-email-notification - referenced_by_count: 0 - - config: - executionTimeField: null - index: test-index - refresh: false - connector_type_id: .index - id: e07d0c80-8b8b-11ed-a780-3b746c987a81 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-index-connector - referenced_by_count: 2 - Connectors_update_index_connector_request: - summary: Update an index connector. - value: - config: - index: updated-index - name: updated-connector - Data_views_create_data_view_request: - summary: Create a data view with runtime fields. - value: - data_view: - name: My Logstash data view - runtimeFieldMap: - runtime_shape_name: - script: - source: 'emit(doc[''shape_name''].value)' - type: keyword - title: logstash-* - Data_views_create_runtime_field_request: - summary: Create a runtime field. - value: - name: runtimeFoo - runtimeField: - script: - source: 'emit(doc["foo"].value)' - type: long - Data_views_get_data_view_response: - summary: >- - The get data view API returns a JSON object that contains information - about the data view. - value: - data_view: - allowNoIndex: false - fieldAttrs: - products.manufacturer: - count: 1 - products.price: - count: 1 - products.product_name: - count: 1 - total_quantity: - count: 1 - fieldFormats: - products.base_price: - id: number - params: - pattern: '$0,0.00' - products.base_unit_price: - id: number - params: - pattern: '$0,0.00' - products.min_price: - id: number - params: - pattern: '$0,0.00' - products.price: - id: number - params: - pattern: '$0,0.00' - products.taxful_price: - id: number - params: - pattern: '$0,0.00' - products.taxless_price: - id: number - params: - pattern: '$0,0.00' - taxful_total_price: - id: number - params: - pattern: '$0,0.[00]' - taxless_total_price: - id: number - params: - pattern: '$0,0.00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: category - type: string - currency: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: currency - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_birth_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: customer_birth_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - customer_first_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_first_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_first_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_first_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_first_name - type: string - customer_full_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_full_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_full_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_full_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_full_name - type: string - customer_gender: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_gender - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_last_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_last_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_last_name - type: string - customer_phone: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_phone - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: day_of_week - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week_i: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: day_of_week_i - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - email: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: email - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - event.dataset: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: event.dataset - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.city_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.city_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.continent_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.continent_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.country_iso_code: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.country_iso_code - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.location: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: geoip.location - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - geoip.region_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.region_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: manufacturer - type: string - order_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: order_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - order_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: order_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products._id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products._id.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products._id - type: string - products.base_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.base_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.base_unit_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.base_unit_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products.category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.category - type: string - products.created_on: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: products.created_on - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - products.discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.discount_percentage: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_percentage - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.manufacturer: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.manufacturer - type: string - products.min_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.min_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.price: - aggregatable: true - count: 1 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_id: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - isMapped: true - name: products.product_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_name: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.product_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.product_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.product_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.product_name - type: string - products.quantity: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: products.quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.tax_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.tax_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxful_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.taxful_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxless_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.taxless_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.unit_discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.unit_discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - taxful_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.[00]' - isMapped: true - name: taxful_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - taxless_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: taxless_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_quantity: - aggregatable: true - count: 1 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_unique_products: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_unique_products - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - type: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: type - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - user: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: user - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - runtimeFieldMap: {} - sourceFilters: [] - timeFieldName: order_date - title: kibana_sample_data_ecommerce - typeMeta: {} - version: WzUsMV0= - Data_views_get_data_views_response: - summary: The get all data views API returns a list of data views. - value: - data_view: - - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - title: kibana_sample_data_ecommerce - typeMeta: {} - - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - namespaces: - - default - title: kibana_sample_data_flights - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: Kibana Sample Data Logs - namespaces: - - default - title: kibana_sample_data_logs - Data_views_get_default_data_view_response: - summary: The get default data view API returns the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). - value: - data_view: - allowNoIndex: false - fieldAttrs: {} - fieldFormats: - AvgTicketPrice: - id: number - params: - pattern: '$0,0.[00]' - hour_of_day: - id: number - params: - pattern: '00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - AvgTicketPrice: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - params: - pattern: '$0,0.[00]' - isMapped: true - name: AvgTicketPrice - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Cancelled: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: Cancelled - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - Carrier: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Carrier - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - dayOfWeek: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: dayOfWeek - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Dest: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Dest - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". - value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: 'emit(doc["bar"].value)' - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. - value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Serverless_saved_objects_export_objects_request: - summary: Export a specific saved object. - value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Serverless_saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. - value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Serverless_saved_objects_import_objects_request: - value: - file: file.ndjson - Serverless_saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false - meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - parameters: - Connectors_connector_id: - description: An identifier for the connector. - in: path - name: connectorId - required: true - schema: - example: df770e30-8b8b-11ed-a780-3b746c987a81 - type: string - Connectors_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Fleet_format: - description: Simplified or legacy format for package inputs - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - Fleet_kbn_xsrf: - description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. - in: header - name: kbn-xsrf - required: true - schema: - type: string - Fleet_kuery: - in: query - name: kuery - required: false - schema: - type: string - Fleet_page_index: - in: query - name: page - required: false - schema: - default: 1 - type: integer - Fleet_page_size: - description: The number of items to return - in: query - name: perPage - required: false - schema: - default: 20 - type: integer - Fleet_show_inactive: - in: query - name: showInactive - required: false - schema: - type: boolean - Fleet_show_upgradeable: - in: query - name: showUpgradeable - required: false - schema: - type: boolean - Fleet_sort_field: - in: query - name: sortField - required: false - schema: - deprecated: true - type: string - Fleet_sort_order: - in: query - name: sortOrder - required: false - schema: - enum: - - asc - - desc - type: string - Fleet_with_metrics: - description: 'Return agent metrics, false by default' - in: query - name: withMetrics - required: false - schema: - type: boolean - Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Serverless_saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - responses: - Connectors_401: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - properties: - error: - enum: - - Unauthorized - example: Unauthorized - type: string - message: - type: string - statusCode: - enum: - - 401 - example: 401 - type: integer - title: Unauthorized response - type: object - description: Authorization information is missing or invalid. - Connectors_404: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - properties: - error: - enum: - - Not Found - example: Not Found - type: string - message: - example: >- - Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not - found - type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - title: Not found response - type: object - description: Object is not found. - Fleet_error: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - schemas: - Connectors_auth_type: - description: | - The type of authentication to use: basic, SSL, or none. - enum: - - webhook-authentication-basic - - webhook-authentication-ssl - nullable: true - title: Authentication type - type: string - Connectors_ca: - description: > - A base64 encoded version of the certificate authority file that the - connector can trust to sign and validate certificates. This option is - available for all authentication types. - title: Certificate authority - type: string - Connectors_cert_type: - description: > - If the `authType` is `webhook-authentication-ssl`, specifies whether the - certificate authentication data is in a CRT and key file format or a PFX - file format. - enum: - - ssl-crt-key - - ssl-pfx - title: Certificate type - type: string - Connectors_config_properties_bedrock: - description: Defines properties for connectors when type is `.bedrock`. - properties: - apiUrl: - description: The Amazon Bedrock request URL. - type: string - defaultModel: - default: 'anthropic.claude-3-5-sonnet-20240620-v1:0' - description: > - The generative artificial intelligence model for Amazon Bedrock to - use. Current support is for the Anthropic Claude models. - type: string - required: - - apiUrl - title: Connector request properties for an Amazon Bedrock connector - type: object - Connectors_config_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. - type: object - properties: - authType: - $ref: '#/components/schemas/Connectors_auth_type' - ca: - $ref: '#/components/schemas/Connectors_ca' - certType: - $ref: '#/components/schemas/Connectors_cert_type' - createCommentJson: - description: > - A JSON payload sent to the create comment URL to create a case - comment. You can use variables to add Kibana Cases data to the - payload. The required variable is `case.comment`. Due to Mustache - template variables (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated once the Mustache variables have - been placed when the REST method runs. Manually ensure that the JSON - is valid, disregarding the Mustache variables, so the later - validation will pass. - example: '{"body": {{{case.comment}}}}' - type: string - createCommentMethod: - default: put - description: > - The REST API HTTP request method to create a case comment in the - third-party system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - createCommentUrl: - description: > - The REST API URL to create a case comment by ID in the third-party - system. You can use a variable to add the external system ID to the - URL. If you are using the `xpack.actions.allowedHosts setting`, add - the hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.id}}}/comment' - type: string - createIncidentJson: - description: > - A JSON payload sent to the create case URL to create a case. You can - use variables to add case data to the payload. Required variables - are `case.title` and `case.description`. Due to Mustache template - variables (which is the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid to avoid future validation errors; disregard Mustache - variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} - type: string - createIncidentMethod: - default: post - description: > - The REST API HTTP request method to create a case in the third-party - system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - createIncidentResponseKey: - description: >- - The JSON key in the create external case response that contains the - case ID. - type: string - createIncidentUrl: - description: > - The REST API URL to create a case in the third-party system. If you - are using the `xpack.actions.allowedHosts` setting, add the hostname - to the allowed hosts. - type: string - getIncidentResponseExternalTitleKey: - description: >- - The JSON key in get external case response that contains the case - title. - type: string - getIncidentUrl: - description: > - The REST API URL to get the case by ID from the third-party system. - If you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. You can use a variable to add the - external system ID to the URL. Due to Mustache template variables - (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid, disregarding the Mustache variables, so the later validation - will pass. - example: 'https://example.com/issue/{{{external.system.id}}}' - type: string - hasAuth: - $ref: '#/components/schemas/Connectors_has_auth' - headers: - description: > - A set of key-value pairs sent as headers with the request URLs for - the create case, update case, get case, and create comment methods. - type: string - updateIncidentJson: - description: > - The JSON payload sent to the update case URL to update the case. You - can use variables to add Kibana Cases data to the payload. Required - variables are `case.title` and `case.description`. Due to Mustache - template variables (which is the text enclosed in triple braces, for - example, `{{{case.title}}}`), the JSON is not validated when you - create the connector. The JSON is validated after the Mustache - variables have been placed when REST method runs. Manually ensure - that the JSON is valid to avoid future validation errors; disregard - Mustache variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} - type: string - updateIncidentMethod: - default: put - description: > - The REST API HTTP request method to update the case in the - third-party system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - updateIncidentUrl: - description: > - The REST API URL to update the case by ID in the third-party system. - You can use a variable to add the external system ID to the URL. If - you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.ID}}}' - type: string - verificationMode: - $ref: '#/components/schemas/Connectors_verification_mode' - viewIncidentUrl: - description: > - The URL to view the case in the external system. You can use - variables to add the external system ID or external system title to - the URL. - example: >- - https://testing-jira.atlassian.net/browse/{{{external.system.title}}} - type: string - required: - - createIncidentJson - - createIncidentResponseKey - - createIncidentUrl - - getIncidentResponseExternalTitleKey - - getIncidentUrl - - updateIncidentJson - - updateIncidentUrl - - viewIncidentUrl - title: Connector request properties for Webhook - Case Management connector - Connectors_config_properties_d3security: - description: Defines properties for connectors when type is `.d3security`. - properties: - url: - description: > - The D3 Security API request URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - url - title: Connector request properties for a D3 Security connector - type: object - Connectors_config_properties_email: - description: Defines properties for connectors when type is `.email`. - type: object - properties: - clientId: - description: > - The client identifier, which is a part of OAuth 2.0 client - credentials authentication, in GUID format. If `service` is - `exchange_server`, this property is required. - nullable: true - type: string - from: - description: > - The from address for all emails sent by the connector. It must be - specified in `user@host-name` format. - type: string - hasAuth: - default: true - description: > - Specifies whether a user and password are required inside the - secrets configuration. - type: boolean - host: - description: > - The host name of the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: string - oauthTokenUrl: - nullable: true - type: string - port: - description: > - The port to connect to on the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: integer - secure: - description: > - Specifies whether the connection to the service provider will use - TLS. If the `service` is `elastic_cloud` (for Elastic Cloud - notifications) or one of Nodemailer's well-known email service - providers, this property is ignored. - type: boolean - service: - description: | - The name of the email service. - enum: - - elastic_cloud - - exchange_server - - gmail - - other - - outlook365 - - ses - type: string - tenantId: - description: > - The tenant identifier, which is part of OAuth 2.0 client credentials - authentication, in GUID format. If `service` is `exchange_server`, - this property is required. - nullable: true - type: string - required: - - from - title: Connector request properties for an email connector - Connectors_config_properties_gemini: - description: Defines properties for connectors when type is `.gemini`. - properties: - apiUrl: - description: The Google Gemini request URL. - type: string - defaultModel: - default: gemini-1.5-pro-001 - description: >- - The generative artificial intelligence model for Google Gemini to - use. - type: string - gcpProjectID: - description: The Google ProjectID that has Vertex AI endpoint enabled. - type: string - gcpRegion: - description: The GCP region where the Vertex AI endpoint enabled. - type: string - required: - - apiUrl - - gcpRegion - - gcpProjectID - title: Connector request properties for an Google Gemini connector - type: object - Connectors_config_properties_genai: - description: Defines properties for connectors when type is `.gen-ai`. - discriminator: - mapping: - Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' - OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' - propertyName: apiProvider - oneOf: - - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' - - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' - title: Connector request properties for an OpenAI connector - Connectors_config_properties_genai_azure: - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `Azure OpenAI'. - properties: - apiProvider: - description: The OpenAI API provider. - enum: - - Azure OpenAI - type: string - apiUrl: - description: The OpenAI API endpoint. - type: string - required: - - apiProvider - - apiUrl - title: >- - Connector request properties for an OpenAI connector that uses Azure - OpenAI - type: object - Connectors_config_properties_genai_openai: - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `OpenAI'. - properties: - apiProvider: - description: The OpenAI API provider. - enum: - - OpenAI - type: string - apiUrl: - description: The OpenAI API endpoint. - type: string - defaultModel: - description: The default model to use for requests. - type: string - required: - - apiProvider - - apiUrl - title: Connector request properties for an OpenAI connector - type: object - Connectors_config_properties_index: - description: Defines properties for connectors when type is `.index`. - type: object - properties: - executionTimeField: - default: null - description: A field that indicates when the document was indexed. - nullable: true - type: string - index: - description: The Elasticsearch index to be written to. - type: string - refresh: - default: false - description: > - The refresh policy for the write request, which affects when changes - are made visible to search. Refer to the refresh setting for - Elasticsearch document APIs. - type: boolean - required: - - index - title: Connector request properties for an index connector - Connectors_config_properties_jira: - description: Defines properties for connectors when type is `.jira`. - type: object - properties: - apiUrl: - description: The Jira instance URL. - type: string - projectKey: - description: The Jira project key. - type: string - required: - - apiUrl - - projectKey - title: Connector request properties for a Jira connector - Connectors_config_properties_opsgenie: - description: Defines properties for connectors when type is `.opsgenie`. - type: object - properties: - apiUrl: - description: > - The Opsgenie URL. For example, `https://api.opsgenie.com` or - `https://api.eu.opsgenie.com`. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - apiUrl - title: Connector request properties for an Opsgenie connector - Connectors_config_properties_pagerduty: - description: Defines properties for connectors when type is `.pagerduty`. - properties: - apiUrl: - description: The PagerDuty event URL. - example: 'https://events.pagerduty.com/v2/enqueue' - nullable: true - type: string - title: Connector request properties for a PagerDuty connector - type: object - Connectors_config_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. - type: object - properties: - apiUrl: - description: The IBM Resilient instance URL. - type: string - orgId: - description: The IBM Resilient organization ID. - type: string - required: - - apiUrl - - orgId - title: Connector request properties for a IBM Resilient connector - Connectors_config_properties_sentinelone: - description: Defines properties for connectors when type is `.sentinelone`. - type: object - properties: - url: - description: > - The SentinelOne tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - url - title: Connector request properties for a SentinelOne connector - Connectors_config_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. - type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. - type: string - usesTableApi: - default: true - description: > - Determines whether the connector uses the Table API or the Import - Set API. This property is supported only for ServiceNow ITSM and - ServiceNow SecOps connectors. NOTE: If this property is set to - `false`, the Elastic application should be installed in ServiceNow. - type: boolean - required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_servicenow_itom: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. - type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. - type: string - required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_slack_api: - description: Defines properties for connectors when type is `.slack_api`. - properties: - allowedChannels: - description: A list of valid Slack channels. - items: - maxItems: 25 - type: object - properties: - id: - description: The Slack channel ID. - example: C123ABC456 - minLength: 1 - type: string - name: - description: The Slack channel name. - minLength: 1 - type: string - required: - - id - - name - type: array - title: Connector request properties for a Slack connector - type: object - Connectors_config_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. - type: object - properties: - apiUrl: - description: The Swimlane instance URL. - type: string - appId: - description: The Swimlane application ID. - type: string - connectorType: - description: >- - The type of connector. Valid values are `all`, `alerts`, and - `cases`. - enum: - - all - - alerts - - cases - type: string - mappings: - description: The field mapping. - properties: - alertIdConfig: - description: Mapping for the alert ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Alert identifier mapping - type: object - caseIdConfig: - description: Mapping for the case ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case identifier mapping - type: object - caseNameConfig: - description: Mapping for the case name. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case name mapping - type: object - commentsConfig: - description: Mapping for the case comments. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case comment mapping - type: object - descriptionConfig: - description: Mapping for the case description. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case description mapping - type: object - ruleNameConfig: - description: Mapping for the name of the alert's rule. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Rule name mapping - type: object - severityConfig: - description: Mapping for the severity. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Severity mapping - type: object - title: Connector mappings properties for a Swimlane connector - type: object - required: - - apiUrl - - appId - - connectorType - title: Connector request properties for a Swimlane connector - Connectors_config_properties_tines: - description: Defines properties for connectors when type is `.tines`. - properties: - url: - description: > - The Tines tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, make sure this hostname is - added to the allowed hosts. - type: string - required: - - url - title: Connector request properties for a Tines connector - type: object - Connectors_config_properties_torq: - description: Defines properties for connectors when type is `.torq`. - properties: - webhookIntegrationUrl: - description: The endpoint URL of the Elastic Security integration in Torq. - type: string - required: - - webhookIntegrationUrl - title: Connector request properties for a Torq connector - type: object - Connectors_config_properties_webhook: - description: Defines properties for connectors when type is `.webhook`. - properties: - authType: - $ref: '#/components/schemas/Connectors_auth_type' - ca: - $ref: '#/components/schemas/Connectors_ca' - certType: - $ref: '#/components/schemas/Connectors_cert_type' - hasAuth: - $ref: '#/components/schemas/Connectors_has_auth' - headers: - description: A set of key-value pairs sent as headers with the request. - nullable: true - type: object - method: - default: post - description: | - The HTTP request method, either `post` or `put`. - enum: - - post - - put - type: string - url: - description: > - The request URL. If you are using the `xpack.actions.allowedHosts` - setting, add the hostname to the allowed hosts. - type: string - verificationMode: - $ref: '#/components/schemas/Connectors_verification_mode' - title: Connector request properties for a Webhook connector - type: object - Connectors_config_properties_xmatters: - description: Defines properties for connectors when type is `.xmatters`. - properties: - configUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters. It is - applicable only when `usesBasic` is `true`. - nullable: true - type: string - usesBasic: - default: true - description: >- - Specifies whether the connector uses HTTP basic authentication - (`true`) or URL authentication (`false`). - type: boolean - title: Connector request properties for an xMatters connector - type: object - Connectors_connector_response_properties: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - .cases-webhook: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - .d3security: >- - #/components/schemas/Connectors_connector_response_properties_d3security - .email: '#/components/schemas/Connectors_connector_response_properties_email' - .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' - .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' - .index: '#/components/schemas/Connectors_connector_response_properties_index' - .jira: '#/components/schemas/Connectors_connector_response_properties_jira' - .opsgenie: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - .pagerduty: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - .resilient: >- - #/components/schemas/Connectors_connector_response_properties_resilient - .sentinelone: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - .server-log: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - .servicenow: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - .servicenow-itom: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - .slack: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - .slack_api: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - .swimlane: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - .teams: '#/components/schemas/Connectors_connector_response_properties_teams' - .tines: '#/components/schemas/Connectors_connector_response_properties_tines' - .torq: '#/components/schemas/Connectors_connector_response_properties_torq' - .webhook: >- - #/components/schemas/Connectors_connector_response_properties_webhook - .xmatters: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - propertyName: connector_type_id - oneOf: - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_d3security - - $ref: '#/components/schemas/Connectors_connector_response_properties_email' - - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' - - $ref: '#/components/schemas/Connectors_connector_response_properties_index' - - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_resilient - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' - - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' - - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - title: Connector response properties - Connectors_connector_response_properties_bedrock: - title: Connector response properties for an Amazon Bedrock connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: - description: The type of connector. - enum: - - .bedrock - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - required: - - config - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_cases_webhook: - title: Connector request properties for a Webhook - Case Management connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - enum: - - .cases-webhook - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_d3security: - title: Connector response properties for a D3 Security connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_email: - title: Connector response properties for an email connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_gemini: - title: Connector response properties for a Google Gemini connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_genai: - title: Connector response properties for an OpenAI connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_index: - title: Connector response properties for an index connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_jira: - title: Connector response properties for a Jira connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. - enum: - - .jira - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_opsgenie: - title: Connector response properties for an Opsgenie connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_pagerduty: - title: Connector response properties for a PagerDuty connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_resilient: - title: Connector response properties for a IBM Resilient connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_sentinelone: - title: Connector response properties for a SentinelOne connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_serverlog: - title: Connector response properties for a server log connector - type: object - properties: - config: - nullable: true - type: object - connector_type_id: - description: The type of connector. - enum: - - .server-log - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow: - title: Connector response properties for a ServiceNow ITSM connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow_itom: - title: Connector response properties for a ServiceNow ITOM connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow_sir: - title: Connector response properties for a ServiceNow SecOps connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_slack_api: - title: Connector response properties for a Slack connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_slack_webhook: - title: Connector response properties for a Slack connector - type: object - properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_swimlane: - title: Connector response properties for a Swimlane connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_teams: - title: Connector response properties for a Microsoft Teams connector - type: object - properties: - config: - type: object - connector_type_id: - description: The type of connector. - enum: - - .teams - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_tines: - title: Connector response properties for a Tines connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_torq: - title: Connector response properties for a Torq connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_webhook: - title: Connector response properties for a Webhook connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_xmatters: - title: Connector response properties for an xMatters connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_types: - description: >- - The type of connector. For example, `.email`, `.index`, `.jira`, - `.opsgenie`, or `.server-log`. - enum: - - .bedrock - - .gemini - - .cases-webhook - - .d3security - - .email - - .gen-ai - - .index - - .jira - - .opsgenie - - .pagerduty - - .resilient - - .sentinelone - - .servicenow - - .servicenow-itom - - .servicenow-sir - - .server-log - - .slack - - .slack_api - - .swimlane - - .teams - - .tines - - .torq - - .webhook - - .xmatters - example: .server-log - title: Connector types - type: string - Connectors_create_connector_request: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: '#/components/schemas/Connectors_create_connector_request_bedrock' - .cases-webhook: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' - .email: '#/components/schemas/Connectors_create_connector_request_email' - .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' - .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' - .index: '#/components/schemas/Connectors_create_connector_request_index' - .jira: '#/components/schemas/Connectors_create_connector_request_jira' - .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' - .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' - .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' - .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' - .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' - .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' - .servicenow-itom: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - .slack: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' - .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' - .teams: '#/components/schemas/Connectors_create_connector_request_teams' - .tines: '#/components/schemas/Connectors_create_connector_request_tines' - .torq: '#/components/schemas/Connectors_create_connector_request_torq' - .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' - .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' - propertyName: connector_type_id - oneOf: - - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_create_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_create_connector_request_index' - - $ref: '#/components/schemas/Connectors_create_connector_request_jira' - - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_create_connector_request_teams' - - $ref: '#/components/schemas/Connectors_create_connector_request_tines' - - $ref: '#/components/schemas/Connectors_create_connector_request_torq' - - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' - title: Create connector request body properties - Connectors_create_connector_request_bedrock: - description: >- - The Amazon Bedrock connector uses axios to send a POST request to Amazon - Bedrock. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: - description: The type of connector. - enum: - - .bedrock - example: .bedrock - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - required: - - config - - connector_type_id - - name - - secrets - title: Create Amazon Bedrock connector request - type: object - Connectors_create_connector_request_cases_webhook: - description: > - The Webhook - Case Management connector uses axios to send POST, PUT, - and GET requests to a case management RESTful API web service. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - required: - - config - - connector_type_id - - name - title: Create Webhook - Case Managment connector request - type: object - Connectors_create_connector_request_d3security: - description: > - The connector uses axios to send a POST request to a D3 Security - endpoint. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security - example: .d3security - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - required: - - config - - connector_type_id - - name - - secrets - title: Create D3 Security connector request - type: object - Connectors_create_connector_request_email: - description: > - The email connector uses the SMTP protocol to send mail messages, using - an integration of Nodemailer. An exception is Microsoft Exchange, which - uses HTTP protocol for sending emails, Send mail. Email message text is - sent as both plain text and html text. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - example: .email - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - connector_type_id - - name - - secrets - title: Create email connector request - type: object - Connectors_create_connector_request_gemini: - description: >- - The Google Gemini connector uses axios to send a POST request to Google - Gemini. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini - example: .gemini - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - required: - - config - - connector_type_id - - name - - secrets - title: Create Google Gemini connector request - type: object - Connectors_create_connector_request_genai: - description: > - The OpenAI connector uses axios to send a POST request to either OpenAI - or Azure OpenAPI. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai - example: .gen-ai - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_genai' - required: - - config - - connector_type_id - - name - - secrets - title: Create OpenAI connector request - type: object - Connectors_create_connector_request_index: - description: The index connector indexes a document into Elasticsearch. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - example: .index - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - required: - - config - - connector_type_id - - name - title: Create index connector request - type: object - Connectors_create_connector_request_jira: - description: The Jira connector uses the REST API v2 to create Jira issues. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. - enum: - - .jira - example: .jira - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - required: - - config - - connector_type_id - - name - - secrets - title: Create Jira connector request - type: object - Connectors_create_connector_request_opsgenie: - description: The Opsgenie connector uses the Opsgenie alert API. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - example: .opsgenie - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - required: - - config - - connector_type_id - - name - - secrets - title: Create Opsgenie connector request - type: object - Connectors_create_connector_request_pagerduty: - description: > - The PagerDuty connector uses the v2 Events API to trigger, acknowledge, - and resolve PagerDuty alerts. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty - example: .pagerduty - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - required: - - config - - connector_type_id - - name - - secrets - title: Create PagerDuty connector request - type: object - Connectors_create_connector_request_resilient: - description: >- - The IBM Resilient connector uses the RESILIENT REST v2 to create IBM - Resilient incidents. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - example: .resilient - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - connector_type_id - - name - - secrets - title: Create IBM Resilient connector request - type: object - Connectors_create_connector_request_sentinelone: - description: > - The SentinelOne connector communicates with SentinelOne Management - Console via REST API. This functionality is in technical preview and may - be changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Create SentinelOne connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - example: .sentinelone - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - required: - - config - - connector_type_id - - name - - secrets - x-technical-preview: true - Connectors_create_connector_request_serverlog: - description: This connector writes an entry to the Kibana server log. - properties: - connector_type_id: - description: The type of connector. - enum: - - .server-log - example: .server-log - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - required: - - connector_type_id - - name - title: Create server log connector request - type: object - Connectors_create_connector_request_servicenow: - description: > - The ServiceNow ITSM connector uses the import set API to create - ServiceNow incidents. You can use the connector for rule actions and - cases. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - example: .servicenow - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITSM connector request - type: object - Connectors_create_connector_request_servicenow_itom: - description: > - The ServiceNow ITOM connector uses the event API to create ServiceNow - events. You can use the connector for rule actions. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - example: .servicenow-itom - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITOM connector request - type: object - Connectors_create_connector_request_servicenow_sir: - description: > - The ServiceNow SecOps connector uses the import set API to create - ServiceNow security incidents. You can use the connector for rule - actions and cases. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow SecOps connector request - type: object - Connectors_create_connector_request_slack_api: - description: The Slack connector uses an API method to send Slack messages. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - example: .slack_api - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request - type: object - Connectors_create_connector_request_slack_webhook: - description: The Slack connector uses Slack Incoming Webhooks. - properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - example: .slack - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request - type: object - Connectors_create_connector_request_swimlane: + - description: >- + A filter to limit the retrieved connector types to those that + support a specific feature (such as alerting or cases). + in: query + name: feature_id + required: false + schema: + type: string + responses: {} + summary: Get connector types + tags: + - connectors + '/api/actions/connector/{id}': + delete: + description: 'WARNING: When you delete a connector, it cannot be recovered.' + operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Delete a connector + tags: + - connectors + get: + operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#1' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + responses: + '200': + description: Indicates a successful call. + summary: Get connector information + tags: + - connectors + post: + operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%3F%7D#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: id + required: false + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + default: {} + type: object + connector_type_id: + description: The type of connector. + type: string + name: + description: The display name for the connector. + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name + - connector_type_id + responses: + '200': + description: Indicates a successful call. + summary: Create a connector + tags: + - connectors + put: + operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#2' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + default: {} + type: object + name: + description: The display name for the connector. + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name + responses: + '200': + description: Indicates a successful call. + summary: Update a connector + tags: + - connectors + '/api/actions/connector/{id}/_execute': + post: description: >- - The Swimlane connector uses the Swimlane REST API to create Swimlane - records. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - example: .swimlane - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - connector_type_id - - name - - secrets - title: Create Swimlane connector request - type: object - Connectors_create_connector_request_teams: - description: The Microsoft Teams connector uses Incoming Webhooks. - properties: - connector_type_id: - description: The type of connector. - enum: - - .teams - example: .teams - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - required: - - connector_type_id - - name - - secrets - title: Create Microsoft Teams connector request - type: object - Connectors_create_connector_request_tines: + You can use this API to test an action that involves interaction with + Kibana services or integrations with third-party systems. + operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D%2F_execute#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + params: + additionalProperties: {} + type: object + required: + - params + responses: + '200': + description: Indicates a successful call. + summary: Run a connector + tags: + - connectors + /api/actions/connectors: + get: + operationId: '%2Fapi%2Factions%2Fconnectors#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: {} + summary: Get all connectors + tags: + - connectors + /api/actions/list_action_types: + get: + deprecated: true + operationId: '%2Fapi%2Factions%2Flist_action_types#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: {} + summary: Get connector types + tags: + - connectors + '/api/alerting/rule/{id}': + delete: + operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Delete a rule + tags: + - alerting + get: + operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + actions: + items: + additionalProperties: false + type: object + properties: + alerts_filter: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL) as defined in + the `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the + days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work + but lack built-in daylight savings time + support and are not recommended. + type: string + required: + - days + - hours + - timezone + connector_type_id: + description: >- + The type of connector. This property appears in + responses but cannot be set in requests. + type: string + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. + Valid values include: `onActionGroupChange`: + Actions run when the alert status changes; + `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while + the rule conditions are met; + `onThrottleInterval`: Actions run when the alert + becomes active and at the interval specified in + the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The + recommended method is to set it for each action. + If you set it at the rule level then update the + rule in Kibana, it is automatically changed to + use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often + an alert generates repeated actions. It is + specified in seconds, minutes, hours, or days + and is applicable only if 'notify_when' is set + to 'onThrottleInterval'. NOTE: You cannot + specify the throttle interval at both the rule + and action level. The recommended method is to + set it for each action. If you set it at the + rule level then update the rule in Kibana, it is + automatically changed to use action-specific + values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: >- + A universally unique identifier (UUID) for the + action. + type: string + required: + - id + - connector_type_id + - params + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + api_key_created_by_user: + description: >- + Indicates whether the API key that is associated with the + rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: >- + The owner of the API key that is associated with the rule + and used to run background tasks. + nullable: true + type: string + consumer: + description: >- + The name of the application or feature that owns the rule. + For example: `alerts`, `apm`, `discover`, + `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, + `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: >- + Indicates whether you want to run the rule on an interval + basis after it is created. + type: boolean + execution_status: + additionalProperties: false + type: object + properties: + error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + required: + - status + - last_execution_date + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could be + succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + mapped_params: + additionalProperties: {} + type: object + monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + additionalProperties: false + description: >- + Calculation of different percentiles and success + ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + history: + description: History of the rule run. + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + additionalProperties: false + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: >- + Number of ignored alerts during last + run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: >- + Number of recovered alerts during last + run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value + could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: >- + Outcome message generated during last + rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + success: + description: >- + Indicates whether the rule run was + successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + type: array + last_run: + additionalProperties: false + type: object + properties: + metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + total_alerts_created: + description: >- + Total number of alerts created during last + rule run. + nullable: true + type: number + total_alerts_detected: + description: >- + Total number of alerts detected during + last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: >- + Total time spent indexing documents during + last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: >- + Total time spent performing Elasticsearch + searches as measured by Kibana; includes + network latency and time spent serializing + or deserializing the request and response. + nullable: true + type: number + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + required: + - history + - calculated_metrics + - last_run + required: + - run + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the + alert becomes active and at each check interval while the + rule conditions are met; `onThrottleInterval`: Actions run + when the alert becomes active and at the interval + specified in the throttle property while the rule + conditions are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The recommended method + is to set it for each action. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + description: The parameters for the rule. + type: object + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + additionalProperties: false + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, + or days. + type: string + required: + - interval + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + type: array + bymonth: + items: + description: >- + Indicates months of the year that this rule + should recur. + type: number + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + type: array + bysetpos: + items: + description: >- + A positive or negative integer affecting the + nth day of the month. For example, -2 combined + with `byweekday` of FR is 2nd to last Friday + of the month. It is recommended to not set + this manually and just use `byweekday`. + type: number + type: array + byweekday: + items: + anyOf: + - type: string + - type: number + description: >- + Indicates the days of the week to recur or + else nth-day-of-month strings. For example, + "+2TU" second Tuesday of month, "-1FR" last + Friday of the month, which are internally + converted to a `byweekday/bysetpos` + combination. + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + type: array + byyearday: + items: + description: >- + Indicates the days of the year that this rule + should recur. + type: number + type: array + count: + description: >- + Number of times the rule should recur until it + stops. + type: number + dtstart: + description: >- + Rule start date in Coordinated Universal Time + (UTC). + type: string + freq: + description: >- + Indicates frequency of the rule. Options are + YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: >- + Indicates the interval of frequency. For + example, 1 and YEARLY is every 1 year, 2 and + WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: 'Indicates the start of week, defaults to Monday.' + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: >- + Deprecated in 8.13.0. Use the `throttle` property in the + action `frequency` object instead. The throttle interval, + which defines how often an alert generates repeated + actions. NOTE: You cannot specify the throttle interval at + both the rule and action level. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: >- + The identifier for the user that updated this rule most + recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + description: Indicates a successful call. + summary: Get rule details + tags: + - alerting + post: + operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: >- + The identifier for the rule. If it is omitted, an ID is randomly + generated. + in: path + name: id + required: false + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + actions: + default: [] + items: + additionalProperties: false + description: An action that runs under defined conditions. + type: object + properties: + alerts_filter: + additionalProperties: false + description: >- + Conditions that affect whether the action runs. If you + specify multiple conditions, all conditions must be + met for the action to run. For example, if an alert + occurs within the specified time frame and matches the + query, the action runs. + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query Domain + Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query Domain + Specific Language (DSL) as defined in the + `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the days + of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + description: >- + Defines the range of time in a day that the + action can run. If the `start` value is + `00:00` and the `end` value is `24:00`, + actions be generated all day. + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work but + lack built-in daylight savings time support + and are not recommended. + type: string + required: + - days + - hours + - timezone + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. Valid + values include: `onActionGroupChange`: Actions run + when the alert status changes; `onActiveAlert`: + Actions run when the alert becomes active and at + each check interval while the rule conditions are + met; `onThrottleInterval`: Actions run when the + alert becomes active and at the interval specified + in the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` at + both the rule and action level. The recommended + method is to set it for each action. If you set it + at the rule level then update the rule in Kibana, + it is automatically changed to use action-specific + values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often an + alert generates repeated actions. It is specified + in seconds, minutes, hours, or days and is + applicable only if `notify_when` is set to + `onThrottleInterval`. NOTE: You cannot specify the + throttle interval at both the rule and action + level. The recommended method is to set it for + each action. If you set it at the rule level then + update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + default: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + type: array + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + consumer: + description: >- + The name of the application or feature that owns the rule. + For example: `alerts`, `apm`, `discover`, `infrastructure`, + `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, + `siem`, `stackAlerts`, or `uptime`. + type: string + enabled: + default: true + description: >- + Indicates whether you want to run the rule on an interval + basis after it is created. + type: boolean + name: + description: >- + The name of the rule. While this name does not have to be + unique, a distinctive name can help you identify a rule. + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while the rule + conditions are met; `onThrottleInterval`: Actions run when + the alert becomes active and at the interval specified in + the throttle property while the rule conditions are met. + NOTE: You cannot specify `notify_when` at both the rule and + action level. The recommended method is to set it for each + action. If you set it at the rule level then update the rule + in Kibana, it is automatically changed to use + action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + default: {} + description: The parameters for the rule. + type: object + rule_type_id: + description: The rule type identifier. + type: string + schedule: + additionalProperties: false + description: >- + The check interval, which specifies how frequently the rule + conditions are checked. + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, or + days. + type: string + required: + - interval + tags: + default: [] + description: The tags for the rule. + items: + type: string + type: array + throttle: + description: >- + Use the `throttle` property in the action `frequency` object + instead. The throttle interval, which defines how often an + alert generates repeated actions. NOTE: You cannot specify + the throttle interval at both the rule and action level. If + you set it at the rule level then update the rule in Kibana, + it is automatically changed to use action-specific values. + nullable: true + type: string + required: + - name + - rule_type_id + - consumer + - schedule + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + actions: + items: + additionalProperties: false + type: object + properties: + alerts_filter: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL) as defined in + the `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the + days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work + but lack built-in daylight savings time + support and are not recommended. + type: string + required: + - days + - hours + - timezone + connector_type_id: + description: >- + The type of connector. This property appears in + responses but cannot be set in requests. + type: string + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. + Valid values include: `onActionGroupChange`: + Actions run when the alert status changes; + `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while + the rule conditions are met; + `onThrottleInterval`: Actions run when the alert + becomes active and at the interval specified in + the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The + recommended method is to set it for each action. + If you set it at the rule level then update the + rule in Kibana, it is automatically changed to + use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often + an alert generates repeated actions. It is + specified in seconds, minutes, hours, or days + and is applicable only if 'notify_when' is set + to 'onThrottleInterval'. NOTE: You cannot + specify the throttle interval at both the rule + and action level. The recommended method is to + set it for each action. If you set it at the + rule level then update the rule in Kibana, it is + automatically changed to use action-specific + values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: >- + A universally unique identifier (UUID) for the + action. + type: string + required: + - id + - connector_type_id + - params + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + api_key_created_by_user: + description: >- + Indicates whether the API key that is associated with the + rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: >- + The owner of the API key that is associated with the rule + and used to run background tasks. + nullable: true + type: string + consumer: + description: >- + The name of the application or feature that owns the rule. + For example: `alerts`, `apm`, `discover`, + `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, + `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: >- + Indicates whether you want to run the rule on an interval + basis after it is created. + type: boolean + execution_status: + additionalProperties: false + type: object + properties: + error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + required: + - status + - last_execution_date + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could be + succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + mapped_params: + additionalProperties: {} + type: object + monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + additionalProperties: false + description: >- + Calculation of different percentiles and success + ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + history: + description: History of the rule run. + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + additionalProperties: false + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: >- + Number of ignored alerts during last + run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: >- + Number of recovered alerts during last + run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value + could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: >- + Outcome message generated during last + rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + success: + description: >- + Indicates whether the rule run was + successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + type: array + last_run: + additionalProperties: false + type: object + properties: + metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + total_alerts_created: + description: >- + Total number of alerts created during last + rule run. + nullable: true + type: number + total_alerts_detected: + description: >- + Total number of alerts detected during + last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: >- + Total time spent indexing documents during + last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: >- + Total time spent performing Elasticsearch + searches as measured by Kibana; includes + network latency and time spent serializing + or deserializing the request and response. + nullable: true + type: number + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + required: + - history + - calculated_metrics + - last_run + required: + - run + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the + alert becomes active and at each check interval while the + rule conditions are met; `onThrottleInterval`: Actions run + when the alert becomes active and at the interval + specified in the throttle property while the rule + conditions are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The recommended method + is to set it for each action. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + description: The parameters for the rule. + type: object + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + additionalProperties: false + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, + or days. + type: string + required: + - interval + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + type: array + bymonth: + items: + description: >- + Indicates months of the year that this rule + should recur. + type: number + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + type: array + bysetpos: + items: + description: >- + A positive or negative integer affecting the + nth day of the month. For example, -2 combined + with `byweekday` of FR is 2nd to last Friday + of the month. It is recommended to not set + this manually and just use `byweekday`. + type: number + type: array + byweekday: + items: + anyOf: + - type: string + - type: number + description: >- + Indicates the days of the week to recur or + else nth-day-of-month strings. For example, + "+2TU" second Tuesday of month, "-1FR" last + Friday of the month, which are internally + converted to a `byweekday/bysetpos` + combination. + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + type: array + byyearday: + items: + description: >- + Indicates the days of the year that this rule + should recur. + type: number + type: array + count: + description: >- + Number of times the rule should recur until it + stops. + type: number + dtstart: + description: >- + Rule start date in Coordinated Universal Time + (UTC). + type: string + freq: + description: >- + Indicates frequency of the rule. Options are + YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: >- + Indicates the interval of frequency. For + example, 1 and YEARLY is every 1 year, 2 and + WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: 'Indicates the start of week, defaults to Monday.' + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: >- + Deprecated in 8.13.0. Use the `throttle` property in the + action `frequency` object instead. The throttle interval, + which defines how often an alert generates repeated + actions. NOTE: You cannot specify the throttle interval at + both the rule and action level. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: >- + The identifier for the user that updated this rule most + recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + description: Indicates a successful call. + summary: Create a rule + tags: + - alerting + put: + operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + actions: + default: [] + items: + additionalProperties: false + description: An action that runs under defined conditions. + type: object + properties: + alerts_filter: + additionalProperties: false + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query Domain + Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query Domain + Specific Language (DSL) as defined in the + `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the days + of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + description: >- + Defines the range of time in a day that the + action can run. If the `start` value is + `00:00` and the `end` value is `24:00`, + actions be generated all day. + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work but + lack built-in daylight savings time support + and are not recommended. + type: string + required: + - days + - hours + - timezone + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. Valid + values include: `onActionGroupChange`: Actions run + when the alert status changes; `onActiveAlert`: + Actions run when the alert becomes active and at + each check interval while the rule conditions are + met; `onThrottleInterval`: Actions run when the + alert becomes active and at the interval specified + in the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` at + both the rule and action level. The recommended + method is to set it for each action. If you set it + at the rule level then update the rule in Kibana, + it is automatically changed to use action-specific + values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often an + alert generates repeated actions. It is specified + in seconds, minutes, hours, or days and is + applicable only if `notify_when` is set to + `onThrottleInterval`. NOTE: You cannot specify the + throttle interval at both the rule and action + level. The recommended method is to set it for + each action. If you set it at the rule level then + update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + default: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + type: array + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + name: + description: >- + The name of the rule. While this name does not have to be + unique, a distinctive name can help you identify a rule. + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while the rule + conditions are met; `onThrottleInterval`: Actions run when + the alert becomes active and at the interval specified in + the throttle property while the rule conditions are met. + NOTE: You cannot specify `notify_when` at both the rule and + action level. The recommended method is to set it for each + action. If you set it at the rule level then update the rule + in Kibana, it is automatically changed to use + action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + default: {} + description: The parameters for the rule. + type: object + schedule: + additionalProperties: false + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, or + days. + type: string + required: + - interval + tags: + default: [] + items: + description: The tags for the rule. + type: string + type: array + throttle: + description: >- + Use the `throttle` property in the action `frequency` object + instead. The throttle interval, which defines how often an + alert generates repeated actions. NOTE: You cannot specify + the throttle interval at both the rule and action level. If + you set it at the rule level then update the rule in Kibana, + it is automatically changed to use action-specific values. + nullable: true + type: string + required: + - name + - schedule + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + actions: + items: + additionalProperties: false + type: object + properties: + alerts_filter: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL) as defined in + the `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the + days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work + but lack built-in daylight savings time + support and are not recommended. + type: string + required: + - days + - hours + - timezone + connector_type_id: + description: >- + The type of connector. This property appears in + responses but cannot be set in requests. + type: string + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. + Valid values include: `onActionGroupChange`: + Actions run when the alert status changes; + `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while + the rule conditions are met; + `onThrottleInterval`: Actions run when the alert + becomes active and at the interval specified in + the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The + recommended method is to set it for each action. + If you set it at the rule level then update the + rule in Kibana, it is automatically changed to + use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often + an alert generates repeated actions. It is + specified in seconds, minutes, hours, or days + and is applicable only if 'notify_when' is set + to 'onThrottleInterval'. NOTE: You cannot + specify the throttle interval at both the rule + and action level. The recommended method is to + set it for each action. If you set it at the + rule level then update the rule in Kibana, it is + automatically changed to use action-specific + values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: >- + A universally unique identifier (UUID) for the + action. + type: string + required: + - id + - connector_type_id + - params + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + api_key_created_by_user: + description: >- + Indicates whether the API key that is associated with the + rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: >- + The owner of the API key that is associated with the rule + and used to run background tasks. + nullable: true + type: string + consumer: + description: >- + The name of the application or feature that owns the rule. + For example: `alerts`, `apm`, `discover`, + `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, + `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: >- + Indicates whether you want to run the rule on an interval + basis after it is created. + type: boolean + execution_status: + additionalProperties: false + type: object + properties: + error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + required: + - status + - last_execution_date + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could be + succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + mapped_params: + additionalProperties: {} + type: object + monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + additionalProperties: false + description: >- + Calculation of different percentiles and success + ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + history: + description: History of the rule run. + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + additionalProperties: false + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: >- + Number of ignored alerts during last + run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: >- + Number of recovered alerts during last + run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value + could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: >- + Outcome message generated during last + rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + success: + description: >- + Indicates whether the rule run was + successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + type: array + last_run: + additionalProperties: false + type: object + properties: + metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + total_alerts_created: + description: >- + Total number of alerts created during last + rule run. + nullable: true + type: number + total_alerts_detected: + description: >- + Total number of alerts detected during + last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: >- + Total time spent indexing documents during + last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: >- + Total time spent performing Elasticsearch + searches as measured by Kibana; includes + network latency and time spent serializing + or deserializing the request and response. + nullable: true + type: number + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + required: + - history + - calculated_metrics + - last_run + required: + - run + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the + alert becomes active and at each check interval while the + rule conditions are met; `onThrottleInterval`: Actions run + when the alert becomes active and at the interval + specified in the throttle property while the rule + conditions are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The recommended method + is to set it for each action. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + description: The parameters for the rule. + type: object + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + additionalProperties: false + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, + or days. + type: string + required: + - interval + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + type: array + bymonth: + items: + description: >- + Indicates months of the year that this rule + should recur. + type: number + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + type: array + bysetpos: + items: + description: >- + A positive or negative integer affecting the + nth day of the month. For example, -2 combined + with `byweekday` of FR is 2nd to last Friday + of the month. It is recommended to not set + this manually and just use `byweekday`. + type: number + type: array + byweekday: + items: + anyOf: + - type: string + - type: number + description: >- + Indicates the days of the week to recur or + else nth-day-of-month strings. For example, + "+2TU" second Tuesday of month, "-1FR" last + Friday of the month, which are internally + converted to a `byweekday/bysetpos` + combination. + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + type: array + byyearday: + items: + description: >- + Indicates the days of the year that this rule + should recur. + type: number + type: array + count: + description: >- + Number of times the rule should recur until it + stops. + type: number + dtstart: + description: >- + Rule start date in Coordinated Universal Time + (UTC). + type: string + freq: + description: >- + Indicates frequency of the rule. Options are + YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: >- + Indicates the interval of frequency. For + example, 1 and YEARLY is every 1 year, 2 and + WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: 'Indicates the start of week, defaults to Monday.' + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: >- + Deprecated in 8.13.0. Use the `throttle` property in the + action `frequency` object instead. The throttle interval, + which defines how often an alert generates repeated + actions. NOTE: You cannot specify the throttle interval at + both the rule and action level. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: >- + The identifier for the user that updated this rule most + recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + description: Indicates a successful call. + summary: Update a rule + tags: + - alerting + '/api/alerting/rule/{id}/_disable': + post: + operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + nullable: true + type: object + properties: + untrack: + description: Defines whether this rule's alerts should be untracked. + type: boolean + x-oas-optional: true + responses: + '204': + description: Indicates a successful call. + summary: Disable a rule + tags: + - alerting + '/api/alerting/rule/{id}/_enable': + post: + operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Enable a rule + tags: + - alerting + '/api/alerting/rule/{id}/_mute_all': + post: + operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Mute all alerts + tags: + - alerting + '/api/alerting/rule/{id}/_unmute_all': + post: + operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Unmute all alerts + tags: + - alerting + '/api/alerting/rule/{id}/_update_api_key': + post: + operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Update the API key for a rule + tags: + - alerting + '/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute': + post: + operationId: >- + %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: rule_id + required: true + schema: + type: string + - description: The identifier for the alert. + in: path + name: alert_id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Mute an alert + tags: + - alerting + '/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute': + post: + operationId: >- + %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: rule_id + required: true + schema: + type: string + - description: The identifier for the alert. + in: path + name: alert_id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Unmute an alert + tags: + - alerting + /api/alerting/rules/_find: + get: + operationId: '%2Fapi%2Falerting%2Frules%2F_find#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: The number of rules to return per page. + in: query + name: per_page + required: false + schema: + default: 10 + minimum: 0 + type: number + - description: The page number to return. + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: number + - description: >- + An Elasticsearch simple_query_string query that filters the objects + in the response. + in: query + name: search + required: false + schema: + type: string + - description: The default operator to use for the simple_query_string. + in: query + name: default_search_operator + required: false + schema: + default: OR + enum: + - OR + - AND + type: string + - description: The fields to perform the simple_query_string parsed query against. + in: query + name: search_fields + required: false + schema: + anyOf: + - items: + type: string + type: array + - type: string + - description: >- + Determines which field is used to sort the results. The field must + exist in the `attributes` key of the response. + in: query + name: sort_field + required: false + schema: + type: string + - description: Determines the sort order. + in: query + name: sort_order + required: false + schema: + enum: + - asc + - desc + type: string + - description: >- + Filters the rules that have a relation with the reference objects + with a specific type and identifier. + in: query + name: has_reference + required: false + schema: + additionalProperties: false + nullable: true + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + - in: query + name: fields + required: false + schema: + items: + description: The fields to return in the `attributes` key of the response. + type: string + type: array + - description: >- + A KQL string that you filter with an attribute from your saved + object. It should look like `savedObjectType.attributes.title: + "myTitle"`. However, if you used a direct attribute of a saved + object, such as `updatedAt`, you must define your filter, for + example, `savedObjectType.updatedAt > 2018-12-22`. + in: query + name: filter + required: false + schema: + type: string + - in: query + name: filter_consumers + required: false + schema: + items: + description: List of consumers to filter. + type: string + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + actions: + items: + additionalProperties: false + type: object + properties: + alerts_filter: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL) as defined in + the `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the + days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work + but lack built-in daylight savings time + support and are not recommended. + type: string + required: + - days + - hours + - timezone + connector_type_id: + description: >- + The type of connector. This property appears in + responses but cannot be set in requests. + type: string + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. + Valid values include: `onActionGroupChange`: + Actions run when the alert status changes; + `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while + the rule conditions are met; + `onThrottleInterval`: Actions run when the alert + becomes active and at the interval specified in + the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The + recommended method is to set it for each action. + If you set it at the rule level then update the + rule in Kibana, it is automatically changed to + use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often + an alert generates repeated actions. It is + specified in seconds, minutes, hours, or days + and is applicable only if 'notify_when' is set + to 'onThrottleInterval'. NOTE: You cannot + specify the throttle interval at both the rule + and action level. The recommended method is to + set it for each action. If you set it at the + rule level then update the rule in Kibana, it is + automatically changed to use action-specific + values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: >- + A universally unique identifier (UUID) for the + action. + type: string + required: + - id + - connector_type_id + - params + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + api_key_created_by_user: + description: >- + Indicates whether the API key that is associated with the + rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: >- + The owner of the API key that is associated with the rule + and used to run background tasks. + nullable: true + type: string + consumer: + description: >- + The name of the application or feature that owns the rule. + For example: `alerts`, `apm`, `discover`, + `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, + `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: >- + Indicates whether you want to run the rule on an interval + basis after it is created. + type: boolean + execution_status: + additionalProperties: false + type: object + properties: + error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + required: + - status + - last_execution_date + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could be + succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + mapped_params: + additionalProperties: {} + type: object + monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + additionalProperties: false + description: >- + Calculation of different percentiles and success + ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + history: + description: History of the rule run. + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + additionalProperties: false + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: >- + Number of ignored alerts during last + run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: >- + Number of recovered alerts during last + run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value + could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: >- + Outcome message generated during last + rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + success: + description: >- + Indicates whether the rule run was + successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + type: array + last_run: + additionalProperties: false + type: object + properties: + metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + total_alerts_created: + description: >- + Total number of alerts created during last + rule run. + nullable: true + type: number + total_alerts_detected: + description: >- + Total number of alerts detected during + last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: >- + Total time spent indexing documents during + last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: >- + Total time spent performing Elasticsearch + searches as measured by Kibana; includes + network latency and time spent serializing + or deserializing the request and response. + nullable: true + type: number + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + required: + - history + - calculated_metrics + - last_run + required: + - run + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the + alert becomes active and at each check interval while the + rule conditions are met; `onThrottleInterval`: Actions run + when the alert becomes active and at the interval + specified in the throttle property while the rule + conditions are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The recommended method + is to set it for each action. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + description: The parameters for the rule. + type: object + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + additionalProperties: false + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, + or days. + type: string + required: + - interval + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + type: array + bymonth: + items: + description: >- + Indicates months of the year that this rule + should recur. + type: number + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + type: array + bysetpos: + items: + description: >- + A positive or negative integer affecting the + nth day of the month. For example, -2 combined + with `byweekday` of FR is 2nd to last Friday + of the month. It is recommended to not set + this manually and just use `byweekday`. + type: number + type: array + byweekday: + items: + anyOf: + - type: string + - type: number + description: >- + Indicates the days of the week to recur or + else nth-day-of-month strings. For example, + "+2TU" second Tuesday of month, "-1FR" last + Friday of the month, which are internally + converted to a `byweekday/bysetpos` + combination. + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + type: array + byyearday: + items: + description: >- + Indicates the days of the year that this rule + should recur. + type: number + type: array + count: + description: >- + Number of times the rule should recur until it + stops. + type: number + dtstart: + description: >- + Rule start date in Coordinated Universal Time + (UTC). + type: string + freq: + description: >- + Indicates frequency of the rule. Options are + YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: >- + Indicates the interval of frequency. For + example, 1 and YEARLY is every 1 year, 2 and + WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: 'Indicates the start of week, defaults to Monday.' + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: >- + Deprecated in 8.13.0. Use the `throttle` property in the + action `frequency` object instead. The throttle interval, + which defines how often an alert generates repeated + actions. NOTE: You cannot specify the throttle interval at + both the rule and action level. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: >- + The identifier for the user that updated this rule most + recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + description: Indicates a successful call. + summary: Get information about rules + tags: + - alerting + /api/apm/agent_keys: + post: + description: Create a new agent key for APM. + operationId: createAgentKey + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + privileges: + items: + enum: + - 'event:write' + - 'config_agent:read' + type: string + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + api_key: + type: string + encoded: + type: string + expiration: + format: int64 + type: integer + id: + type: string + name: + type: string + description: Agent key created successfully + summary: Create an APM agent key + tags: + - APM agent keys + '/api/apm/services/{serviceName}/annotation': + post: + description: Create a new annotation for a specific service. + operationId: createAnnotation + parameters: + - description: The name of the service + in: path + name: serviceName + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + '@timestamp': + type: string + message: + type: string + service: + type: object + properties: + environment: + type: string + version: + type: string + tags: + items: + type: string + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _id: + type: string + _index: + type: string + _source: + type: object + properties: + '@timestamp': + type: string + annotation: + type: string + event: + type: object + properties: + created: + type: string + message: + type: string + service: + type: object + properties: + environment: + type: string + name: + type: string + version: + type: string + tags: + items: + type: string + type: array + description: Annotation created successfully + summary: Create a service annotation + tags: + - APM annotations + '/api/apm/services/{serviceName}/annotation/search': + get: + description: Search for annotations related to a specific service. + operationId: getAnnotation + parameters: + - description: The name of the service + in: path + name: serviceName + required: true + schema: + type: string + - description: The environment to filter annotations by + in: query + name: environment + required: false + schema: + type: string + - description: The start date for the search + in: query + name: start + required: false + schema: + type: string + - description: The end date for the search + in: query + name: end + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + annotations: + items: + type: object + properties: + '@timestamp': + type: number + id: + type: string + text: + type: string + type: + enum: + - version + type: string + type: array + description: Successful response + summary: Search for annotations + tags: + - APM annotations + /api/data_views: + get: + operationId: getAllDataViewsDefault + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getAllDataViewsResponse: + $ref: '#/components/examples/Data_views_get_data_views_response' + schema: + type: object + properties: + data_view: + items: + type: object + properties: + id: + type: string + name: + type: string + namespaces: + items: + type: string + type: array + title: + type: string + typeMeta: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get all data views + tags: + - data views + /api/data_views/data_view: + post: + operationId: createDataViewDefaultw + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createDataViewRequest: + $ref: '#/components/examples/Data_views_create_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_create_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create a data view + tags: + - data views + '/api/data_views/data_view/{viewId}': + delete: + description: | + WARNING: When you delete a data view, it cannot be recovered. + operationId: deleteDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '204': + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a data view + tags: + - data views + get: + operationId: getDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getDataViewResponse: + $ref: '#/components/examples/Data_views_get_data_view_response' + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a data view + tags: + - data views + post: + operationId: updateDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateDataViewRequest: + $ref: '#/components/examples/Data_views_update_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_update_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a data view + tags: + - data views + '/api/data_views/data_view/{viewId}/fields': + post: description: > - The Tines connector uses Tines Webhook actions to send events via POST - request. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - example: .tines - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - required: - - config - - connector_type_id - - name - - secrets - title: Create Tines connector request - type: object - Connectors_create_connector_request_torq: + Update fields presentation metadata such as count, customLabel, + customDescription, and format. + operationId: updateFieldsMetadataDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateFieldsMetadataRequest: + $ref: '#/components/examples/Data_views_update_field_metadata_request' + schema: + type: object + properties: + fields: + description: The field object. + type: object + required: + - fields + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update data view fields metadata + tags: + - data views + '/api/data_views/data_view/{viewId}/runtime_field': + post: + operationId: createRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + summary: Create a runtime field + tags: + - data views + put: + operationId: createUpdateRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - description: | + The ID of the data view fields you want to update. + in: path + name: viewId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create or update a runtime field + tags: + - data views + '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': + delete: + operationId: deleteRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a runtime field from a data view + tags: + - data views + get: + operationId: getRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getRuntimeFieldResponse: + $ref: '#/components/examples/Data_views_get_runtime_field_response' + schema: + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a runtime field + tags: + - data views + post: + operationId: updateRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_update_runtime_field_request' + schema: + type: object + properties: + runtimeField: + description: | + The runtime field definition object. + + You can update following fields: + + - `type` + - `script` + type: object + required: + - runtimeField + required: true + responses: + '200': + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a runtime field + tags: + - data views + /api/data_views/default: + get: + operationId: getDefaultDataViewDefault + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getDefaultDataViewResponse: + $ref: >- + #/components/examples/Data_views_get_default_data_view_response + schema: + type: object + properties: + data_view_id: + type: string + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get the default data view + tags: + - data views + post: + operationId: setDefaultDatailViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + setDefaultDataViewRequest: + $ref: '#/components/examples/Data_views_set_default_data_view_request' + schema: + type: object + properties: + data_view_id: + description: > + The data view identifier. NOTE: The API does not validate + whether it is a valid identifier. Use `null` to unset the + default data view. + nullable: true + type: string + force: + default: false + description: Update an existing default data view identifier. + type: boolean + required: + - data_view_id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Set the default data view + tags: + - data views + /api/data_views/swap_references: + post: description: > - The Torq connector uses a Torq webhook to trigger workflows with Kibana - actions. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - example: .torq - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - required: - - config - - connector_type_id - - name - - secrets - title: Create Torq connector request - type: object - Connectors_create_connector_request_webhook: + Changes saved object references from one data view identifier to + another. WARNING: Misuse can break large numbers of saved objects! + Practicing with a backup is recommended. + operationId: swapDataViewsDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + swapDataViewRequest: + $ref: '#/components/examples/Data_views_swap_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + deleteStatus: + type: object + properties: + deletePerformed: + type: boolean + remainingRefs: + type: integer + result: + items: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + type: array + description: Indicates a successful call. + summary: Swap saved object references + tags: + - data views + /api/data_views/swap_references/_preview: + post: description: > - The Webhook connector uses axios to send a POST or PUT request to a web - service. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - example: .webhook - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - required: - - config - - connector_type_id - - name - - secrets - title: Create Webhook connector request - type: object - Connectors_create_connector_request_xmatters: + Preview the impact of swapping saved object references from one data + view identifier to another. + operationId: previewSwapDataViewsDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + previewSwapDataViewRequest: + $ref: >- + #/components/examples/Data_views_preview_swap_data_view_request + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + result: + items: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + type: array + description: Indicates a successful call. + summary: Preview a saved object reference swap + tags: + - data views + /api/ml/saved_objects/sync: + get: description: > - The xMatters connector uses the xMatters Workflow for Elastic to send - actionable alerts to on-call xMatters resources. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - example: .xmatters - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' - required: - - config - - connector_type_id - - name - - secrets - title: Create xMatters connector request - type: object - Connectors_crt: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. - title: Certificate - type: string - Connectors_features: - description: | - The feature that uses the connector. - enum: - - alerting - - cases - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - siem - - uptime - type: string - Connectors_has_auth: - default: true - description: >- - If true, a username and password for login type authentication must be - provided. - title: Has authentication - type: boolean - Connectors_is_deprecated: - description: Indicates whether the connector type is deprecated. - example: false - type: boolean - Connectors_is_missing_secrets: - description: >- - Indicates whether secrets are missing for the connector. Secrets - configuration properties vary depending on the connector type. - example: false - type: boolean - Connectors_is_preconfigured: + Synchronizes Kibana saved objects for machine learning jobs and trained + models. This API runs automatically when you start Kibana and + periodically thereafter. + operationId: mlSync + parameters: + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync machine learning saved objects + tags: + - ml + /api/saved_objects/_export: + post: description: > - Indicates whether it is a preconfigured connector. If true, the `config` - and `is_missing_secrets` properties are omitted from the response. - example: false - type: boolean - Connectors_is_system_action: - description: Indicates whether the connector is used for system actions. - example: false - type: boolean - Connectors_key: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the KEY file. - title: Certificate key - type: string - Connectors_pfx: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. - title: Personal information exchange - type: string - Connectors_referenced_by_count: + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_request + schema: + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. + items: + type: object + type: array + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true + responses: + '200': + content: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_response + schema: + additionalProperties: true + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Export saved objects + tags: + - saved objects + /api/saved_objects/_import: + post: description: > - Indicates the number of saved objects that reference the connector. If - `is_preconfigured` is true, this value is not calculated. This property - is returned only by the get all connectors API. - example: 2 - type: integer - Connectors_secrets_properties_bedrock: - description: Defines secrets for connectors when type is `.bedrock`. - properties: - accessKey: - description: The AWS access key for authentication. - type: string - secret: - description: The AWS secret for authentication. - type: string - required: - - accessKey - - secret - title: Connector secrets properties for an Amazon Bedrock connector - type: object - Connectors_secrets_properties_cases_webhook: - title: Connector secrets properties for Webhook - Case Management connector - type: object - properties: - crt: - $ref: '#/components/schemas/Connectors_crt' - key: - $ref: '#/components/schemas/Connectors_key' - password: - description: > - The password for HTTP basic authentication. If `hasAuth` is set to - `true` and and `authType` is `webhook-authentication-basic`, this - property is required. - type: string - pfx: - $ref: '#/components/schemas/Connectors_pfx' - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true` and `authType` is `webhook-authentication-basic`, this - property is required. - type: string - Connectors_secrets_properties_d3security: - description: Defines secrets for connectors when type is `.d3security`. - type: object - properties: - token: - description: The D3 Security token. - type: string - required: - - token - title: Connector secrets properties for a D3 Security connector - Connectors_secrets_properties_email: - description: Defines secrets for connectors when type is `.email`. - properties: - clientSecret: - description: > - The Microsoft Exchange Client secret for OAuth 2.0 client - credentials authentication. It must be URL-encoded. If `service` is - `exchange_server`, this property is required. - type: string - password: - description: > - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - title: Connector secrets properties for an email connector - type: object - Connectors_secrets_properties_gemini: - description: Defines secrets for connectors when type is `.gemini`. - properties: - credentialsJSON: - description: >- - The service account credentials JSON file. The service account - should have Vertex AI user IAM role assigned to it. - type: string - required: - - credentialsJSON - title: Connector secrets properties for a Google Gemini connector - type: object - Connectors_secrets_properties_genai: - description: Defines secrets for connectors when type is `.gen-ai`. - properties: - apiKey: - description: The OpenAI API key. - type: string - title: Connector secrets properties for an OpenAI connector - type: object - Connectors_secrets_properties_jira: - description: Defines secrets for connectors when type is `.jira`. - type: object - properties: - apiToken: - description: The Jira API authentication token for HTTP basic authentication. - type: string - email: - description: The account email for HTTP Basic authentication. - type: string - required: - - apiToken - - email - title: Connector secrets properties for a Jira connector - Connectors_secrets_properties_opsgenie: - description: Defines secrets for connectors when type is `.opsgenie`. - type: object - properties: - apiKey: - description: The Opsgenie API authentication key for HTTP Basic authentication. - type: string - required: - - apiKey - title: Connector secrets properties for an Opsgenie connector - Connectors_secrets_properties_pagerduty: - description: Defines secrets for connectors when type is `.pagerduty`. - properties: - routingKey: - description: > - A 32 character PagerDuty Integration Key for an integration on a - service. - type: string - required: - - routingKey - title: Connector secrets properties for a PagerDuty connector - type: object - Connectors_secrets_properties_resilient: - description: Defines secrets for connectors when type is `.resilient`. - type: object - properties: - apiKeyId: - description: The authentication key ID for HTTP Basic authentication. - type: string - apiKeySecret: - description: The authentication key secret for HTTP Basic authentication. - type: string - required: - - apiKeyId - - apiKeySecret - title: Connector secrets properties for IBM Resilient connector - Connectors_secrets_properties_sentinelone: - description: Defines secrets for connectors when type is `.sentinelone`. - properties: - token: - description: The A SentinelOne API token. - type: string - required: - - token - title: Connector secrets properties for a SentinelOne connector - type: object - Connectors_secrets_properties_servicenow: - description: >- - Defines secrets for connectors when type is `.servicenow`, - `.servicenow-sir`, or `.servicenow-itom`. - properties: - clientSecret: - description: >- - The client secret assigned to your OAuth application. This property - is required when `isOAuth` is `true`. - type: string - password: - description: >- - The password for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - type: string - privateKey: - description: >- - The RSA private key that you created for use in ServiceNow. This - property is required when `isOAuth` is `true`. - type: string - privateKeyPassword: - description: >- - The password for the RSA private key. This property is required when - `isOAuth` is `true` and you set a password on your private key. - type: string - username: - description: >- - The username for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - type: string - title: >- - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors - type: object - Connectors_secrets_properties_slack_api: - description: Defines secrets for connectors when type is `.slack`. - type: object - properties: - token: - description: Slack bot user OAuth token. - type: string - required: - - token - title: Connector secrets properties for a Web API Slack connector - Connectors_secrets_properties_slack_webhook: - description: Defines secrets for connectors when type is `.slack`. - type: object - properties: - webhookUrl: - description: Slack webhook url. - type: string - required: - - webhookUrl - title: Connector secrets properties for a Webhook Slack connector - Connectors_secrets_properties_swimlane: - description: Defines secrets for connectors when type is `.swimlane`. - properties: - apiToken: - description: Swimlane API authentication token. - type: string - title: Connector secrets properties for a Swimlane connector - type: object - Connectors_secrets_properties_teams: - description: Defines secrets for connectors when type is `.teams`. - properties: - webhookUrl: - description: > - The URL of the incoming webhook. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - webhookUrl - title: Connector secrets properties for a Microsoft Teams connector - type: object - Connectors_secrets_properties_tines: - description: Defines secrets for connectors when type is `.tines`. - properties: - email: - description: The email used to sign in to Tines. - type: string - token: - description: The Tines API token. - type: string - required: - - email - - token - title: Connector secrets properties for a Tines connector - type: object - Connectors_secrets_properties_torq: - description: Defines secrets for connectors when type is `.torq`. - properties: - token: - description: The secret of the webhook authentication header. - type: string - required: - - token - title: Connector secrets properties for a Torq connector - type: object - Connectors_secrets_properties_webhook: - description: Defines secrets for connectors when type is `.webhook`. - properties: - crt: - $ref: '#/components/schemas/Connectors_crt' - key: - $ref: '#/components/schemas/Connectors_key' - password: - description: > - The password for HTTP basic authentication or the passphrase for the - SSL certificate files. If `hasAuth` is set to `true` and `authType` - is `webhook-authentication-basic`, this property is required. - type: string - pfx: - $ref: '#/components/schemas/Connectors_pfx' - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true` and `authType` is `webhook-authentication-basic`, this - property is required. - type: string - title: Connector secrets properties for a Webhook connector - type: object - Connectors_secrets_properties_xmatters: - description: Defines secrets for connectors when type is `.xmatters`. - properties: - password: - description: > - A user name for HTTP basic authentication. It is applicable only - when `usesBasic` is `true`. - type: string - secretsUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters with the - API key included in the URL. It is applicable only when `usesBasic` - is `false`. - type: string - user: - description: > - A password for HTTP basic authentication. It is applicable only when - `usesBasic` is `true`. - type: string - title: Connector secrets properties for an xMatters connector - type: object - Connectors_update_connector_request: - description: The properties vary depending on the connector type. - oneOf: - - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_update_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_update_connector_request_index' - - $ref: '#/components/schemas/Connectors_update_connector_request_jira' - - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_servicenow_itom - - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_update_connector_request_teams' - - $ref: '#/components/schemas/Connectors_update_connector_request_tines' - - $ref: '#/components/schemas/Connectors_update_connector_request_torq' - - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' - title: Update connector request body properties - Connectors_update_connector_request_bedrock: - title: Update Amazon Bedrock connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - required: - - config - - name - Connectors_update_connector_request_cases_webhook: - title: Update Webhook - Case Managment connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - required: - - config - - name - Connectors_update_connector_request_d3security: - title: Update D3 Security connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - required: - - config - - name - - secrets - Connectors_update_connector_request_email: - title: Update email connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - name - Connectors_update_connector_request_gemini: - title: Update Google Gemini connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - required: - - config - - name - Connectors_update_connector_request_index: - title: Update index connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - name: - description: The display name for the connector. - type: string - required: - - config - - name - Connectors_update_connector_request_jira: - title: Update Jira connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - name: - description: The display name for the connector. + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + in: query + name: createNewCopies + required: false + schema: + type: boolean + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: overwrite + required: false + schema: + type: boolean + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_request + schema: + type: object + properties: + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_response + schema: + type: object + properties: + errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + items: + type: object + type: array + success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: integer + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Import saved objects + tags: + - saved objects + /api/status: + get: + operationId: '%2Fapi%2Fstatus#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status + tags: + - system + /data_streams: + get: + operationId: data-streams-list + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data_streams: + items: + $ref: '#/components/schemas/Fleet_data_stream' + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List data streams + tags: + - Data streams + parameters: [] + /enrollment_api_keys: + get: + operationId: get-enrollment-api-keys + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + post: + operationId: create-enrollment-api-keys + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + description: The name of the enrollment API key. Must be unique. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - policy_id + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + '/enrollment_api_keys/{keyId}': + delete: + operationId: delete-enrollment-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Revoke enrollment API key by ID by marking it as inactive + tags: + - Fleet enrollment API keys + get: + operationId: get-enrollment-api-key + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - required: - - config - - name - - secrets - Connectors_update_connector_request_opsgenie: - title: Update Opsgenie connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - name: - description: The display name for the connector. + /enrollment-api-keys: + get: + deprecated: true + operationId: get-enrollment-api-keys-deprecated + parameters: [] + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + post: + deprecated: true + operationId: create-enrollment-api-keys-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + '/enrollment-api-keys/{keyId}': + delete: + deprecated: true + operationId: delete-enrollment-api-key-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID + tags: + - Fleet enrollment API keys + get: + deprecated: true + operationId: get-enrollment-api-key-deprecated + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - required: - - config - - name - - secrets - Connectors_update_connector_request_pagerduty: - title: Update PagerDuty connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - name: - description: The display name for the connector. + /epm/bulk_assets: + post: + operationId: bulk-get-assets + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + assetIds: + description: list of items necessary to fetch assets + items: + type: object + properties: + id: + type: string + type: + type: string + type: array + required: + - assetIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get assets + tags: + - Elastic Package Manager (EPM) + /epm/categories: + get: + operationId: get-package-categories + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_categories_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package categories + tags: + - Elastic Package Manager (EPM) + parameters: + - description: >- + Whether to include prerelease packages in categories count (e.g. beta, + rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: include_policy_templates + schema: + default: false + type: boolean + /epm/packages: + get: + operationId: list-all-packages + parameters: + - description: >- + Whether to exclude the install status of each package. Enabling this + option will opt in to caching for the response via `cache-control` + headers. If you don't need up-to-date installation info for a + package, and are querying for a list of available packages, + providing this flag can improve performance substantially. + in: query + name: excludeInstallStatus + schema: + default: false + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: category + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List packages + tags: + - Elastic Package Manager (EPM) + post: + description: '' + operationId: install-package-by-upload + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/gzip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + application/zip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _meta: + type: object + properties: + install_source: + enum: + - upload + - registry + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '429': + $ref: '#/components/responses/Fleet_error' + summary: Install by package by direct upload + tags: + - Elastic Package Manager (EPM) + /epm/packages/_bulk: + post: + operationId: bulk-install-packages + parameters: + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + description: force install to ignore package verification errors + type: boolean + packages: + description: list of packages to install + items: + oneOf: + - description: package name + type: string + - type: object + properties: + name: + description: package name + type: string + version: + description: package version + type: string + type: array + required: + - packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk install packages + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgkey}': + delete: + deprecated: true + operationId: delete-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete ackage + tags: + - Elastic Package Manager (EPM) + get: + deprecated: true + operationId: get-package-deprecated + parameters: + - in: path + name: pkgkey + required: true + schema: + type: string + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + response: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + savedObject: + type: string + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package + tags: + - Elastic Package Manager (EPM) + post: + deprecated: true + description: '' + operationId: install-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgName}/{pkgVersion}': + delete: + operationId: delete-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: delete package even if policies used by agents + in: query + name: force + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + deprecated: true + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package + tags: + - Elastic Package Manager (EPM) + get: + operationId: get-package + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + item: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + licensePath: + type: string + notice: + type: string + savedObject: + deprecated: true + type: object + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - required: - - config - - name - - secrets - Connectors_update_connector_request_resilient: - title: Update IBM Resilient connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - name: - description: The display name for the connector. + - in: path + name: pkgVersion + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - name - - secrets - Connectors_update_connector_request_sentinelone: - title: Update SentinelOne connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - name: - description: The display name for the connector. + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + - description: >- + Return all fields from the package manifest, not just those supported + by the Elastic Package Registry + in: query + name: full + schema: + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + post: + description: '' + operationId: install-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + ignore_constraints: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _meta: + type: object + properties: + install_source: + enum: + - registry + - upload + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + put: + description: '' + operationId: update-package + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + keepPoliciesUpToDate: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package settings + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgName}/{pkgVersion}/{filePath}': + get: + operationId: packages-get-file + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + headers: + type: object + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package file + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - required: - - config - - name - - secrets - Connectors_update_connector_request_serverlog: - title: Update server log connector request - type: object - properties: - name: - description: The display name for the connector. + - in: path + name: pkgVersion + required: true + schema: type: string - required: - - name - Connectors_update_connector_request_servicenow: - title: Update ServiceNow ITSM connector or ServiceNow SecOps request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - name: - description: The display name for the connector. + - in: path + name: filePath + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - name - - secrets - Connectors_update_connector_request_servicenow_itom: - title: Create ServiceNow ITOM connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - name: - description: The display name for the connector. + '/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': + post: + description: '' + operationId: reauthorize-transforms + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: >- + Whether to include prerelease packages in categories count (e.g. + beta, rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + transforms: + items: + type: object + properties: + transformId: + type: string + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + error: + type: string + success: + type: boolean + transformId: + type: string + required: + - transformId + - error + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Authorize transforms + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgName}/stats': + get: + operationId: get-package-stats + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + $ref: '#/components/schemas/Fleet_package_usage_stats' + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package stats + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - name - - secrets - Connectors_update_connector_request_slack_api: - title: Update Slack connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - name: - description: The display name for the connector. + /epm/packages/limited: + get: + operationId: list-limited-packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: string + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get limited package list + tags: + - Elastic Package Manager (EPM) + parameters: [] + '/epm/templates/{pkgName}/{pkgVersion}/inputs': + get: + operationId: get-inputs-template + responses: + '200': + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get inputs template + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - required: - - name - - secrets - Connectors_update_connector_request_slack_webhook: - title: Update Slack connector request - type: object - properties: - name: - description: The display name for the connector. + - in: path + name: pkgVersion + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - required: - - name - - secrets - Connectors_update_connector_request_swimlane: - title: Update Swimlane connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - name: - description: The display name for the connector. - example: my-connector + - description: Format of response - json or yaml + in: query + name: format + schema: + enum: + - json + - yaml + - yml type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - name - - secrets - Connectors_update_connector_request_teams: - title: Update Microsoft Teams connector request - type: object - properties: - name: - description: The display name for the connector. + - description: Specify if version is prerelease + in: query + name: prerelease + schema: + type: boolean + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + /epm/verification_key_id: + get: + operationId: packages-get-verification-key-id + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + properties: + id: + description: >- + the key ID of the GPG key used to verify package + signatures + nullable: true + type: string + headers: + type: object + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package signature verification key ID + tags: + - Elastic Package Manager (EPM) + parameters: [] + /fleet_server_hosts: + get: + operationId: get-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_fleet_server_host' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List Fleet Server hosts + tags: + - Fleet Server hosts + post: + operationId: post-fleet-server-hosts + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + type: string + required: + - name + - host_urls + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create Fleet Server host + tags: + - Fleet Server hosts + '/fleet_server_hosts/{itemId}': + delete: + operationId: delete-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete Fleet Server host by ID + tags: + - Fleet Server hosts + get: + operationId: get-one-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get Fleet Server host by ID + tags: + - Fleet Server hosts + parameters: + - in: path + name: itemId + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - required: - - name - - secrets - Connectors_update_connector_request_tines: - title: Update Tines connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - name: - description: The display name for the connector. + put: + operationId: update-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + nullable: true + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update Fleet Server host by ID + tags: + - Fleet Server hosts + /health_check: + post: + operationId: fleet-server-health-check + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + deprecated: true + type: string + id: + type: string + required: + - id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + deprecated: true + type: string + id: + description: Fleet Server host id + type: string + status: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Fleet Server health check + tags: + - Fleet internals + /kubernetes: + get: + operationId: get-full-k8s-manifest + parameters: + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: fleetServer + required: false + schema: + type: string + - in: query + name: enrolToken + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full K8s agent manifest + tags: + - Fleet Kubernetes + /logstash_api_keys: + post: + operationId: generate-logstash-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + api_key: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Generate Logstash API key + tags: + - Fleet outputs + /outputs: + get: + operationId: get-outputs + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_output_create_request' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List outputs + tags: + - Fleet outputs + post: + operationId: post-outputs + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_create_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create output + tags: + - Fleet outputs + '/outputs/{outputId}': + delete: + operationId: delete-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete output by ID + tags: + - Fleet outputs + get: + operationId: get-output + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get output by ID + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - required: - - config - - name - - secrets - Connectors_update_connector_request_torq: - title: Update Torq connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - name: - description: The display name for the connector. + put: + operationId: update-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_update_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_update_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update output by ID + tags: + - Fleet outputs + '/outputs/{outputId}/health': + get: + operationId: get-output-health + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + description: long message if unhealthy + type: string + state: + description: 'state of output, HEALTHY or DEGRADED' + type: string + timestamp: + description: timestamp of reported state + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get latest output health + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - required: - - config - - name - - secrets - Connectors_update_connector_request_webhook: - title: Update Webhook connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - name: - description: The display name for the connector. + /package_policies: + get: + operationId: get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package policies + tags: + - Fleet package policies + parameters: [] + post: + operationId: create-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + description: >- + You should use inputs as an object and not use the deprecated inputs + array. + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Create package policy + tags: + - Fleet package policies + /package_policies/_bulk_get: + post: + operationId: bulk-get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get package policies + tags: + - Fleet package policies + '/package_policies/{packagePolicyId}': + delete: + operationId: delete-package-policy + parameters: + - in: query + name: force + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy by ID + tags: + - Fleet package policies + get: + operationId: get-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_format' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package policy by ID + tags: + - Fleet package policies + parameters: + - in: path + name: packagePolicyId + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - required: - - config - - name - - secrets - Connectors_update_connector_request_xmatters: - title: Update xMatters connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - name: - description: The display name for the connector. + put: + operationId: update-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + sucess: + type: boolean + required: + - item + - sucess + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package policy by ID + tags: + - Fleet package policies + /package_policies/delete: + post: + operationId: post-delete-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy + tags: + - Fleet package policies + /package_policies/upgrade: + post: + operationId: upgrade-package-policy + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade package policy to a newer package version + tags: + - Fleet package policies + /package_policies/upgrade/dryrun: + post: + operationId: upgrade-package-policy-dry-run + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + packageVersion: + type: string + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + agent_diff: + $ref: '#/components/schemas/Fleet_upgrade_agent_diff' + diff: + $ref: '#/components/schemas/Fleet_upgrade_diff' + hasErrors: + type: boolean + required: + - hasErrors + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Dry run package policy upgrade + tags: + - Fleet package policies + /proxies: + get: + operationId: get-fleet-proxies + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_proxies' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List proxies + tags: + - Fleet proxies + post: + operationId: post-fleet-proxies + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + required: + - name + - url + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create proxy + tags: + - Fleet proxies + '/proxies/{itemId}': + delete: + operationId: delete-fleet-proxies + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete proxy by ID + tags: + - Fleet proxies + get: + operationId: get-one-fleet-proxies + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get proxy by ID + tags: + - Fleet proxies + parameters: + - in: path + name: itemId + required: true + schema: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' - required: - - config - - name - - secrets - Connectors_verification_mode: - default: full + put: + operationId: update-fleet-proxies + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update proxy by ID + tags: + - Fleet proxies + '/s/{spaceId}/api/observability/slos': + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: findSlosOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - description: A valid kql query to filter the SLO with + example: 'slo.name:latency* and slo.tags : "prod"' + in: query + name: kqlQuery + schema: + type: string + - description: 'The page to use for pagination, must be greater or equal than 1' + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: Number of SLOs returned by page + example: 25 + in: query + name: perPage + schema: + default: 25 + maximum: 5000 + type: integer + - description: Sort by field + example: status + in: query + name: sortBy + schema: + default: status + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining + type: string + - description: Sort order + example: asc + in: query + name: sortDirection + schema: + default: asc + enum: + - asc + - desc + type: string + - description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + in: query + name: hideStale + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_find_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get a paginated list of SLOs + tags: + - slo + post: + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: createSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_409_response' + description: Conflict - The SLO id already exists + servers: + - url: 'https://localhost:5601' + summary: Create an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/_delete_instances': + post: + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloInstancesOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + required: true + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + servers: + - url: 'https://localhost:5601' + summary: Batch delete rollup and summary data + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}': + delete: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Delete an SLO + tags: + - slo + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: getSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - description: the specific instanceId used by the summary calculation + example: host-abcde + in: query + name: instanceId + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get an SLO + tags: + - slo + put: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: updateSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_update_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Update an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/_reset': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: resetSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Reset an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/disable': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: disableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '200': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Disable an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/enable': + post: description: > - Controls the verification of certificates. Use `full` to validate that - the certificate has an issue date within the `not_before` and - `not_after` dates, chains to a trusted certificate authority (CA), and - has a hostname or IP address that matches the names within the - certificate. Use `certificate` to validate the certificate and verify - that it is signed by a trusted authority; this option does not check the - certificate hostname. Use `none` to skip certificate validation. - enum: - - certificate - - full - - none - title: Verification mode - type: string + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: enableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Enable an SLO + tags: + - slo + /service_tokens: + post: + operationId: generate-service-token + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /service-tokens: + post: + deprecated: true + operationId: generate-service-token-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /settings: + get: + operationId: get-settings + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get settings + tags: + - Fleet internals + put: + operationId: update-settings + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_yaml_config: + type: string + fleet_server_hosts: + description: Protocol and path must be the same for each URL + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update settings + tags: + - Fleet internals + /settings/enrollment: + get: + operationId: get-enrollment-settings + parameters: + - description: >- + An agent policy ID to scope the enrollment settings to. For example, + that policy's Fleet Server host, its proxy, download location, etc. + If not provided, the default Fleet Server policy is used (if any). + in: query + name: agentPolicyId + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_enrollment_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment settings + tags: + - Fleet internals + servers: + - description: Used for Fleet internals and not supported + url: 'http://KIBANA_HOST:5601/internal/fleet' + /setup: + post: + operationId: setup + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + description: Internal Server Error + summary: Initiate Fleet setup + tags: + - Fleet internals + /uninstall_tokens: + get: + operationId: get-uninstall-tokens + parameters: + - description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + minimum: 5 + type: integer + - $ref: '#/components/parameters/Fleet_page_index' + - description: Partial match filtering for policy IDs + in: query + name: policyId + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + required: + - id + - policy_id + - created_at + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List metadata for latest uninstall tokens per agent policy + tags: + - Fleet uninstall tokens + '/uninstall_tokens/{uninstallTokenId}': + get: + operationId: get-uninstall-token + parameters: + - in: path + name: uninstallTokenId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + token: + type: string + required: + - id + - token + - policy_id + - created_at + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get one decrypted uninstall token by its ID + tags: + - Fleet uninstall tokens +components: + examples: + Data_views_create_data_view_request: + summary: Create a data view with runtime fields. + value: + data_view: + name: My Logstash data view + runtimeFieldMap: + runtime_shape_name: + script: + source: 'emit(doc[''shape_name''].value)' + type: keyword + title: logstash-* + Data_views_create_runtime_field_request: + summary: Create a runtime field. + value: + name: runtimeFoo + runtimeField: + script: + source: 'emit(doc["foo"].value)' + type: long + Data_views_get_data_view_response: + summary: >- + The get data view API returns a JSON object that contains information + about the data view. + value: + data_view: + allowNoIndex: false + fieldAttrs: + products.manufacturer: + count: 1 + products.price: + count: 1 + products.product_name: + count: 1 + total_quantity: + count: 1 + fieldFormats: + products.base_price: + id: number + params: + pattern: '$0,0.00' + products.base_unit_price: + id: number + params: + pattern: '$0,0.00' + products.min_price: + id: number + params: + pattern: '$0,0.00' + products.price: + id: number + params: + pattern: '$0,0.00' + products.taxful_price: + id: number + params: + pattern: '$0,0.00' + products.taxless_price: + id: number + params: + pattern: '$0,0.00' + taxful_total_price: + id: number + params: + pattern: '$0,0.[00]' + taxless_total_price: + id: number + params: + pattern: '$0,0.00' + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: category + type: string + currency: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: currency + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_birth_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: customer_birth_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + customer_first_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_first_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_first_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_first_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_first_name + type: string + customer_full_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_full_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_full_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_full_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_full_name + type: string + customer_gender: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_gender + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_last_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_last_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_last_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_last_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_last_name + type: string + customer_phone: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_phone + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: day_of_week + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week_i: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: day_of_week_i + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + email: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: email + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + event.dataset: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: event.dataset + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.city_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.city_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.continent_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.continent_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.country_iso_code: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.country_iso_code + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.location: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: geoip.location + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + geoip.region_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.region_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: manufacturer + type: string + order_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: order_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + order_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: order_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products._id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products._id.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products._id + type: string + products.base_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.base_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.base_unit_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.base_unit_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products.category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.category + type: string + products.created_on: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: products.created_on + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + products.discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.discount_percentage: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_percentage + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.manufacturer: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.manufacturer + type: string + products.min_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.min_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.price: + aggregatable: true + count: 1 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_id: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + isMapped: true + name: products.product_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_name: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.product_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.product_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.product_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.product_name + type: string + products.quantity: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: products.quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.tax_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.tax_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxful_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.taxful_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxless_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.taxless_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.unit_discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.unit_discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + taxful_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.[00]' + isMapped: true + name: taxful_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + taxless_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: taxless_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_quantity: + aggregatable: true + count: 1 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_unique_products: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_unique_products + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + type: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: type + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + user: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: user + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + runtimeFieldMap: {} + sourceFilters: [] + timeFieldName: order_date + title: kibana_sample_data_ecommerce + typeMeta: {} + version: WzUsMV0= + Data_views_get_data_views_response: + summary: The get all data views API returns a list of data views. + value: + data_view: + - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + title: kibana_sample_data_ecommerce + typeMeta: {} + - id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + namespaces: + - default + title: kibana_sample_data_flights + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: Kibana Sample Data Logs + namespaces: + - default + title: kibana_sample_data_logs + Data_views_get_default_data_view_response: + summary: The get default data view API returns the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + Data_views_get_runtime_field_response: + summary: >- + The get runtime field API returns a JSON object that contains + information about the runtime field (`hour_of_day`) and the data view + (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). + value: + data_view: + allowNoIndex: false + fieldAttrs: {} + fieldFormats: + AvgTicketPrice: + id: number + params: + pattern: '$0,0.[00]' + hour_of_day: + id: number + params: + pattern: '00' + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + AvgTicketPrice: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + params: + pattern: '$0,0.[00]' + isMapped: true + name: AvgTicketPrice + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Cancelled: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: Cancelled + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + Carrier: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Carrier + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + dayOfWeek: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: dayOfWeek + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Dest: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Dest + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: DestLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + DestRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DistanceKilometers: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceKilometers + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + DistanceMiles: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceMiles + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelay: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: FlightDelay + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + FlightDelayMin: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: FlightDelayMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelayType: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightDelayType + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightNum: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightNum + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightTimeHour: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightTimeHour + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightTimeMin: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: FlightTimeMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + hour_of_day: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + params: + pattern: '00' + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Origin: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Origin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: OriginLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + OriginRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + timestamp: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: timestamp + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + runtimeFieldMap: + hour_of_day: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + sourceFilters: [] + timeFieldName: timestamp + title: kibana_sample_data_flights + version: WzM2LDJd + fields: + - aggregatable: true + count: 0 + esTypes: + - long + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Data_views_preview_swap_data_view_request: + summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". + value: + fromId: abcd-efg + toId: xyz-123 + Data_views_set_default_data_view_request: + summary: Set the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + force: true + Data_views_swap_data_view_request: + summary: >- + Swap references from data view ID "abcd-efg" to "xyz-123" and remove the + data view that is no longer referenced. + value: + delete: true + fromId: abcd-efg + toId: xyz-123 + Data_views_update_data_view_request: + summary: Update some properties for a data view. + value: + data_view: + allowNoIndex: false + name: Kibana Sample Data eCommerce + timeFieldName: order_date + title: kibana_sample_data_ecommerce + refresh_fields: true + Data_views_update_field_metadata_request: + summary: Update metadata for multiple fields. + value: + fields: + field1: + count: 123 + customLabel: Field 1 label + field2: + customDescription: Field 2 description + customLabel: Field 2 label + Data_views_update_runtime_field_request: + summary: Update an existing runtime field on a data view. + value: + runtimeField: + script: + source: 'emit(doc["bar"].value)' + Machine_learning_APIs_mlSyncExample: + summary: Two anomaly detection jobs required synchronization in this example. + value: + datafeedsAdded: {} + datafeedsRemoved: {} + savedObjectsCreated: + anomaly-detector: + myjob1: + success: true + myjob2: + success: true + savedObjectsDeleted: {} + Serverless_saved_objects_export_objects_request: + summary: Export a specific saved object. + value: + excludeExportDetails: true + includeReferencesDeep: false + objects: + - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + type: map + Serverless_saved_objects_export_objects_response: + summary: >- + The export objects API response contains a JSON record for each exported + object. + value: + attributes: + description: '' + layerListJSON: >- + [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total + Requests by + Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web + logs + count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual + Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total + Requests and + Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web + logs + count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] + mapStateJSON: >- + {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + title: '[Logs] Total Requests and Bytes' + uiStateJSON: '{"isDarkMode":false}' + coreMigrationVersion: 8.8.0 + created_at: '2023-08-23T20:03:32.204Z' + id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + managed: false + references: + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_1_join_0_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_2_source_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_3_source_index_pattern + type: index-pattern + type: map + typeMigrationVersion: 8.4.0 + updated_at: '2023-08-23T20:03:32.204Z' + version: WzEzLDFd + Serverless_saved_objects_import_objects_request: + value: + file: file.ndjson + Serverless_saved_objects_import_objects_response: + summary: >- + The import objects API response indicates a successful import and the + objects are created. Since these objects are created as new copies, each + entry in the successResults array includes a destinationId attribute. + value: + success: true + successCount: 1 + successResults: + - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + managed: false + meta: + icon: indexPatternApp + title: Kibana Sample Data Logs + type: index-pattern + parameters: + Data_views_field_name: + description: The name of the runtime field. + in: path + name: fieldName + required: true + schema: + example: hour_of_day + type: string + Data_views_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_view_id: + description: An identifier for the data view. + in: path + name: viewId + required: true + schema: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + Fleet_format: + description: Simplified or legacy format for package inputs + in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + Fleet_kbn_xsrf: + description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. + in: header + name: kbn-xsrf + required: true + schema: + type: string + Fleet_kuery: + in: query + name: kuery + required: false + schema: + type: string + Fleet_page_index: + in: query + name: page + required: false + schema: + default: 1 + type: integer + Fleet_page_size: + description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + type: integer + Fleet_show_inactive: + in: query + name: showInactive + required: false + schema: + type: boolean + Fleet_show_upgradeable: + in: query + name: showUpgradeable + required: false + schema: + type: boolean + Fleet_sort_field: + in: query + name: sortField + required: false + schema: + deprecated: true + type: string + Fleet_sort_order: + in: query + name: sortOrder + required: false + schema: + enum: + - asc + - desc + type: string + Fleet_with_metrics: + description: 'Return agent metrics, false by default' + in: query + name: withMetrics + required: false + schema: + type: boolean + Machine_learning_APIs_simulateParam: + description: >- + When true, simulates the synchronization by returning only the list of + actions that would be performed. + example: 'true' + in: query + name: simulate + required: false + schema: + type: boolean + Serverless_saved_objects_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_slo_id: + description: An identifier for the slo. + in: path + name: sloId + required: true + schema: + example: 9c235211-6834-11ea-a78c-6feb38a34414 + type: string + SLOs_space_id: + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + in: path + name: spaceId + required: true + schema: + example: default + type: string + responses: + Fleet_error: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + schemas: Data_views_400_response: title: Bad request type: object @@ -15646,18 +12569,25 @@ components: type: object properties: active: + description: >- + When false, the enrollment API key is revoked and cannot be used for + enrolling Elastic Agents. type: boolean api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. type: string api_key_id: + description: The ID of the API key in the Security API. type: string created_at: type: string id: type: string name: + description: The name of the enrollment API key. type: string policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - id @@ -16314,6 +13244,7 @@ components: - version policy_id: deprecated: true + nullable: true type: string policy_ids: items: @@ -17198,6 +14129,11 @@ components: policy's namespace. example: customnamespace type: string + output_id: + description: Output ID to send package data to + example: output-id + nullable: true + type: string overrides: description: >- Override settings that are defined in the package policy. The @@ -17226,6 +14162,7 @@ components: deprecated: true description: Agent policy ID where that package policy will be added example: agent-policy-id + nullable: true type: string policy_ids: description: Agent policy IDs where that package policy will be added @@ -19042,8 +15979,7 @@ tags: Annotations enable you to easily see how events are impacting the performance of your applications. name: APM annotations - - description: Connector APIs enable you to create and manage connectors. - name: connectors + - name: connectors - name: Data streams - description: >- Data view APIs enable you to manage data views, formerly known as Kibana diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 08c1c14fa6160e..402904c65bf2ef 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -46,6 +46,10 @@ info: For more information about the console, refer to [Run API requests](https://www.elastic.co/guide/en/kibana/current/console-kibana.html). + + + NOTE: Access to internal Kibana API endpoints will be restricted in Kibana + version 9.0. Please move any integrations to publicly documented APIs. license: name: Attribution-NonCommercial-NoDerivatives 4.0 International url: 'https://creativecommons.org/licenses/by-nc-nd/4.0/' @@ -214,6 +218,7 @@ paths: - $ref: '#/components/parameters/Fleet_page_size' - $ref: '#/components/parameters/Fleet_page_index' - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' - description: >- When set to true, retrieve the related package policies for each agent policy. @@ -285,7 +290,8 @@ paths: /agent_policies/_bulk_get: post: operationId: bulk-get-agent-policies - parameters: [] + parameters: + - $ref: '#/components/parameters/Fleet_format' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: @@ -351,6 +357,7 @@ paths: required: true schema: type: string + - $ref: '#/components/parameters/Fleet_format' put: operationId: update-agent-policy parameters: @@ -384,6 +391,7 @@ paths: required: true schema: type: string + - $ref: '#/components/parameters/Fleet_format' post: operationId: agent-policy-copy parameters: @@ -1423,7 +1431,7 @@ paths: - agent2 rollout_duration_seconds: 3600 source_uri: 'https://artifacts.elastic.co/downloads/beats/elastic-agent' - start_time: '2022-08-03T14:00:00.000Z' + start_time: 2022-08-03T14:00:00.000Z version: 8.4.0 schema: $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' @@ -1569,581 +1577,480 @@ paths: /api/actions: get: deprecated: true - description: Deprecated in 7.13.0. Use the get all connectors API instead. - operationId: legacyGetConnectors - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: '#/components/schemas/Connectors_action_response_properties' - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' + operationId: '%2Fapi%2Factions#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: {} summary: Get all connectors tags: - connectors + /api/actions/action: post: deprecated: true - description: Deprecated in 7.13.0. Use the create connector API instead. - operationId: legacyCreateConnector + operationId: '%2Fapi%2Factions%2Faction#0' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - title: Legacy create connector request properties + additionalProperties: false type: object properties: actionTypeId: description: The connector type identifier. type: string config: - description: >- - The configuration for the connector. Configuration - properties vary depending on the connector type. + additionalProperties: {} + default: {} type: object name: description: The display name for the connector. type: string secrets: - description: > - The secrets configuration for the connector. Secrets - configuration properties vary depending on the connector - type. NOTE: Remember these values. You must provide them - each time you update the connector. + additionalProperties: {} + default: {} type: object - required: true + required: + - name + - actionTypeId responses: '200': - $ref: '#/components/responses/Connectors_200_actions' - '401': - $ref: '#/components/responses/Connectors_401' + description: Indicates a successful call. summary: Create a connector tags: - connectors - '/api/actions/action/{actionId}': + '/api/actions/action/{id}': delete: deprecated: true - description: > - Deprecated in 7.13.0. Use the delete connector API instead. WARNING: - When you delete a connector, it cannot be recovered. - operationId: legacyDeleteConnector + description: 'WARNING: When you delete a connector, it cannot be recovered.' + operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#0' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string responses: '204': description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' summary: Delete a connector tags: - connectors get: deprecated: true - description: Deprecated in 7.13.0. Use the get connector API instead. - operationId: legacyGetConnector + operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#1' parameters: - - $ref: '#/components/parameters/Connectors_action_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string responses: '200': - $ref: '#/components/responses/Connectors_200_actions' - '401': - $ref: '#/components/responses/Connectors_401' + description: Indicates a successful call. summary: Get connector information tags: - connectors put: deprecated: true - description: Deprecated in 7.13.0. Use the update connector API instead. - operationId: legacyUpdateConnector + operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#2' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: The properties vary depending on the connector type. + additionalProperties: false + type: object properties: config: - description: >- - The new connector configuration. Configuration properties - vary depending on the connector type. + additionalProperties: {} + default: {} type: object name: - description: The new name for the connector. type: string secrets: - description: >- - The updated secrets configuration for the connector. Secrets - properties vary depending on the connector type. + additionalProperties: {} + default: {} type: object - title: Legacy update connector request body properties - type: object - required: true + required: + - name responses: '200': - $ref: '#/components/responses/Connectors_200_actions' - '404': - $ref: '#/components/responses/Connectors_404' + description: Indicates a successful call. summary: Update a connector tags: - connectors - '/api/actions/action/{actionId}/_execute': + '/api/actions/action/{id}/_execute': post: deprecated: true - description: Deprecated in 7.13.0. Use the run connector API instead. - operationId: legacyRunConnector + operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D%2F_execute#0' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: The properties vary depending on the connector type. + additionalProperties: false + type: object properties: params: - description: >- - The parameters of the connector. Parameter properties vary - depending on the connector type. + additionalProperties: {} type: object required: - params - title: Legacy run connector request body properties - type: object - required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - actionId: - type: string - data: - oneOf: - - additionalProperties: true - description: Information returned from the action. - type: object - - description: An array of information returned from the action. - items: - type: object - type: array - status: - description: The status of the action. - type: string description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' summary: Run a connector tags: - connectors - /api/actions/connector: - post: - description: The connector identifier is randomly generated. - operationId: createConnector - parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createEmailConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_email_connector_request - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request - createWebhookConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_request - createXmattersConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_request - schema: - $ref: '#/components/schemas/Connectors_create_connector_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createEmailConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_email_connector_response - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response - createWebhookConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_response - createXmattersConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_response - schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector with a random ID - tags: - - connectors /api/actions/connector_types: get: - operationId: getConnectorTypes + description: You do not need any Kibana feature privileges to run this API. + operationId: '%2Fapi%2Factions%2Fconnector_types#0' parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string - description: >- A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases). in: query name: feature_id + required: false schema: - $ref: '#/components/schemas/Connectors_features' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorTypesServerlessResponse: - $ref: >- - #/components/examples/Connectors_get_connector_types_generativeai_response - schema: - description: The properties vary for each connector type. - items: - type: object - properties: - enabled: - description: >- - Indicates whether the connector type is enabled in - Kibana. - example: true - type: boolean - enabled_in_config: - description: >- - Indicates whether the connector type is enabled in the - Kibana configuration file. - example: true - type: boolean - enabled_in_license: - description: >- - Indicates whether the connector is enabled in the - license. - example: true - type: boolean - id: - $ref: '#/components/schemas/Connectors_connector_types' - is_system_action_type: - example: false - type: boolean - minimum_license_required: - description: The license that is required to use the connector type. - example: basic - type: string - name: - description: The name of the connector type. - example: Index - type: string - supported_feature_ids: - description: The features that are supported by the connector type. - example: - - alerting - - cases - - siem - items: - $ref: '#/components/schemas/Connectors_features' - type: array - title: Get connector types response body properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connector types + type: string + responses: {} + summary: Get connector types tags: - connectors - '/api/actions/connector/{connectorId}': + '/api/actions/connector/{id}': delete: - operationId: deleteConnector + description: 'WARNING: When you delete a connector, it cannot be recovered.' + operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#0' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string responses: '204': description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' summary: Delete a connector tags: - connectors get: - operationId: getConnector + operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#1' parameters: - - $ref: '#/components/parameters/Connectors_connector_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorResponse: - $ref: '#/components/examples/Connectors_get_connector_response' - schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + responses: + '200': description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Get a connector information + summary: Get connector information tags: - connectors post: - operationId: createConnectorId + operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%3F%7D#0' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - description: > - A UUID v1 or v4 identifier for the connector. If you omit this - parameter, an identifier is randomly generated. - in: path - name: connectorId + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf required: true schema: - example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + example: 'true' + type: string + - in: path + name: id + required: false + schema: type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request schema: - $ref: '#/components/schemas/Connectors_create_connector_request' - required: true + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + default: {} + type: object + connector_type_id: + description: The type of connector. + type: string + name: + description: The display name for the connector. + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name + - connector_type_id responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response - schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' summary: Create a connector tags: - connectors put: - operationId: updateConnector + operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#2' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_update_index_connector_request schema: - $ref: '#/components/schemas/Connectors_update_connector_request' - required: true + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + default: {} + type: object + name: + description: The display name for the connector. + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' description: Indicates a successful call. - '400': - $ref: '#/components/responses/Connectors_401' - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' summary: Update a connector tags: - connectors - '/api/actions/connector/{connectorId}/_execute': + '/api/actions/connector/{id}/_execute': post: - description: > + description: >- You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. You must have - `read` privileges for the **Actions and Connectors** feature in the - **Management** section of the Kibana feature privileges. If you use an - index connector, you must also have `all`, `create`, `index`, or `write` - indices privileges. - operationId: runConnector + Kibana services or integrations with third-party systems. + operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D%2F_execute#0' parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - runCasesWebhookConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_cases_webhook_connector_request - runEmailConnectorRequest: - $ref: '#/components/examples/Connectors_run_email_connector_request' - runIndexConnectorRequest: - $ref: '#/components/examples/Connectors_run_index_connector_request' - runJiraConnectorRequest: - $ref: '#/components/examples/Connectors_run_jira_connector_request' - runPagerDutyConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_pagerduty_connector_request - runServerLogConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_server_log_connector_request - runServiceNowITOMConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_servicenow_itom_connector_request - runSlackConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_slack_api_connector_request - runSwimlaneConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_swimlane_connector_request schema: - $ref: '#/components/schemas/Connectors_run_connector_request' - required: true + additionalProperties: false + type: object + properties: + params: + additionalProperties: {} + type: object + required: + - params responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - runCasesWebhookConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_cases_webhook_connector_response - runEmailConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_email_connector_response - runIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_index_connector_response - runJiraConnectorResponse: - $ref: '#/components/examples/Connectors_run_jira_connector_response' - runPagerDutyConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_pagerduty_connector_response - runServerLogConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_server_log_connector_response - runServiceNowITOMConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_servicenow_itom_connector_response - runSlackConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_slack_api_connector_response - runSwimlaneConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_swimlane_connector_response - schema: - type: object - properties: - connector_id: - description: The identifier for the connector. - type: string - data: - oneOf: - - additionalProperties: true - description: Information returned from the action. - type: object - - description: An array of information returned from the action. - items: - type: object - type: array - status: - description: The status of the action. - enum: - - error - - ok - type: string - required: - - connector_id - - status description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' summary: Run a connector tags: - connectors /api/actions/connectors: get: - operationId: getConnectors - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorsResponse: - $ref: '#/components/examples/Connectors_get_connectors_response' - schema: - items: - $ref: >- - #/components/schemas/Connectors_connector_response_properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' + operationId: '%2Fapi%2Factions%2Fconnectors#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: {} summary: Get all connectors tags: - connectors /api/actions/list_action_types: get: deprecated: true - description: Deprecated in 7.13.0. Use the get all connector types API instead. - operationId: legacyGetConnectorTypes - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - description: The properties vary for each connector type. - items: - type: object - properties: - enabled: - description: >- - Indicates whether the connector type is enabled in - Kibana. - type: boolean - enabledInConfig: - description: >- - Indicates whether the connector type is enabled in the - Kibana `.yml` file. - type: boolean - enabledInLicense: - description: >- - Indicates whether the connector is enabled in the - license. - example: true - type: boolean - id: - description: The unique identifier for the connector type. - type: string - minimumLicenseRequired: - description: The license that is required to use the connector type. - type: string - name: - description: The name of the connector type. - type: string - title: Legacy get connector types response body properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' + operationId: '%2Fapi%2Factions%2Flist_action_types#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: {} summary: Get connector types tags: - connectors @@ -10701,7 +10608,10 @@ paths: /enrollment_api_keys: get: operationId: get-enrollment-api-keys - parameters: [] + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' responses: '200': content: @@ -10739,6 +10649,22 @@ paths: operationId: create-enrollment-api-keys parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + description: The name of the enrollment API key. Must be unique. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - policy_id responses: '200': content: @@ -10779,7 +10705,7 @@ paths: description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Delete enrollment API key by ID + summary: Revoke enrollment API key by ID by marking it as inactive tags: - Fleet enrollment API keys get: @@ -14444,469 +14370,8 @@ components: profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 username: elastic version: WzIwNjM2LDFd - Connectors_create_email_connector_request: - summary: Create an email connector. - value: - config: - from: tester@example.com - hasAuth: true - host: 'https://example.com' - port: 1025 - secure: false - service: other - connector_type_id: .email - name: email-connector-1 - secrets: - password: password - user: username - Connectors_create_email_connector_response: - summary: A new email connector. - value: - config: - clientId: null - from: tester@example.com - hasAuth: true - host: 'https://example.com' - oauthTokenUrl: null - port: 1025 - secure: false - service: other - tenantId: null - connector_type_id: .email - id: 90a82c60-478f-11ee-a343-f98a117c727f - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: email-connector-1 - Connectors_create_index_connector_request: - summary: Create an index connector. - value: - config: - index: test-index - connector_type_id: .index - name: my-connector - Connectors_create_index_connector_response: - summary: A new index connector. - value: - config: - executionTimeField: null - index: test-index - refresh: false - connector_type_id: .index - id: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-connector - Connectors_create_webhook_connector_request: - summary: Create a webhook connector with SSL authentication. - value: - config: - authType: webhook-authentication-ssl - certType: ssl-crt-key - method: post - url: 'https://example.com' - connector_type_id: .webhook - name: my-webhook-connector - secrets: - crt: QmFnIEF0dH... - key: LS0tLS1CRUdJ... - password: my-passphrase - Connectors_create_webhook_connector_response: - summary: A new webhook connector. - value: - config: - authType: webhook-authentication-ssl - certType: ssl-crt-key - hasAuth: true - headers: null - method: post - url: 'https://example.com' - verificationMode: full - connector_type_id: .webhook - id: 900eb010-3b9d-11ee-a642-8ffbb94e38bd - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-webhook-connector - Connectors_create_xmatters_connector_request: - summary: Create an xMatters connector with URL authentication. - value: - config: - usesBasic: false - connector_type_id: .xmatters - name: my-xmatters-connector - secrets: - secretsUrl: 'https://example.com?apiKey=xxxxx' - Connectors_create_xmatters_connector_response: - summary: A new xMatters connector. - value: - config: - configUrl: null - usesBasic: false - connector_type_id: .xmatters - id: 4d2d8da0-4d1f-11ee-9367-577408be4681 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-xmatters-connector - Connectors_get_connector_response: - summary: Get connector details. - value: - config: {} - connector_type_id: .server-log - id: df770e30-8b8b-11ed-a780-3b746c987a81 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my_server_log_connector - Connectors_get_connector_types_generativeai_response: - summary: A list of connector types for the `generativeAI` feature. - value: - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .gen-ai - is_system_action_type: false - minimum_license_required: enterprise - name: OpenAI - supported_feature_ids: - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .bedrock - is_system_action_type: false - minimum_license_required: enterprise - name: AWS Bedrock - supported_feature_ids: - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - enabled: true - enabled_in_config: true - enabled_in_license: true - id: .gemini - is_system_action_type: false - minimum_license_required: enterprise - name: Google Gemini - supported_feature_ids: - - generativeAIForSecurity - Connectors_get_connectors_response: - summary: A list of connectors - value: - - connector_type_id: .email - id: preconfigured-email-connector - is_deprecated: false - is_preconfigured: true - is_system_action: false - name: my-preconfigured-email-notification - referenced_by_count: 0 - - config: - executionTimeField: null - index: test-index - refresh: false - connector_type_id: .index - id: e07d0c80-8b8b-11ed-a780-3b746c987a81 - is_deprecated: false - is_missing_secrets: false - is_preconfigured: false - is_system_action: false - name: my-index-connector - referenced_by_count: 2 - Connectors_run_cases_webhook_connector_request: - summary: Run a Webhook - Case Management connector to create a case. - value: - params: - subAction: pushToService - subActionParams: - comments: - - comment: A comment about the incident. - commentId: 1 - incident: - description: Description of the incident. - id: caseID - severity: low - status: open - tags: - - tag1 - - tag2 - title: Case title - Connectors_run_cases_webhook_connector_response: - summary: >- - Response from a pushToService action for a Webhook - Case Management - connector. - value: - connector_id: 1824b5b8-c005-4dcc-adac-57f92db46459 - data: - comments: - - commentId: 1 - pushedDate: '2023-12-05T19:43:36.360Z' - id: 100665 - pushedDate: '2023-12-05T19:43:36.360Z' - title: TEST-29034 - url: 'https://example.com/browse/TEST-29034' - status: ok - Connectors_run_email_connector_request: - summary: Send an email message from an email connector. - value: - params: - bcc: - - user1@example.com - cc: - - user2@example.com - - user3@example.com - message: Test email message. - subject: Test message subject - to: - - user4@example.com - Connectors_run_email_connector_response: - summary: Response for sending a message from an email connector. - value: - connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 - data: - accepted: - - user1@example.com - - user2@example.com - - user3@example.com - - user4@example.com - envelope: - from: tester@example.com - to: - - user1@example.com - - user2@example.com - - user3@example.com - - user4@example.com - envelopeTime: 8 - messageId: <08a92d29-642a-0706-750c-de5996bd5cf3@example.com> - messageSize: 729 - messageTime: 3 - rejected: [] - response: 250 Message queued as QzEXKcGJ - status: ok - Connectors_run_index_connector_request: - summary: Run an index connector. - value: - params: - documents: - - id: my_doc_id - message: 'hello, world' - name: my_doc_name - Connectors_run_index_connector_response: - summary: Response from running an index connector. - value: - connector_id: fd38c600-96a5-11ed-bb79-353b74189cba - data: - errors: false - items: - - create: - _id: 4JtvwYUBrcyxt2NnfW3y - _index: my-index - _primary_term: 1 - _seq_no: 0 - _shards: - failed: 0 - successful: 1 - total: 2 - _version: 1 - result: created - status: 201 - took: 135 - status: ok - Connectors_run_jira_connector_request: - summary: Run a Jira connector to retrieve the list of issue types. - value: - params: - subAction: issueTypes - Connectors_run_jira_connector_response: - summary: Response from retrieving the list of issue types for a Jira connector. - value: - connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6 - data: - - id: 10024 - name: Improvement - - id: 10006 - name: Task - - id: 10007 - name: Sub-task - - id: 10025 - name: New Feature - - id: 10023 - name: Bug - - id: 10000 - name: Epic - status: ok - Connectors_run_pagerduty_connector_request: - summary: Run a PagerDuty connector to trigger an alert. - value: - params: - customDetails: - my_data_1: test data - eventAction: trigger - links: - - href: 'http://example.com/pagerduty' - text: An example link - summary: A brief event summary - Connectors_run_pagerduty_connector_response: - summary: Response from running a PagerDuty connector. - value: - connector_id: 45de9f70-954f-4608-b12a-db7cf808e49d - data: - dedup_key: 5115e138b26b484a81eaea779faa6016 - message: Event processed - status: success - status: ok - Connectors_run_server_log_connector_request: - summary: Run a server log connector. - value: - params: - level: warn - message: Test warning message. - Connectors_run_server_log_connector_response: - summary: Response from running a server log connector. - value: - connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 - status: ok - Connectors_run_servicenow_itom_connector_request: - summary: Run a ServiceNow ITOM connector to retrieve the list of choices. - value: - params: - subAction: getChoices - subActionParams: - fields: - - severity - - urgency - Connectors_run_servicenow_itom_connector_response: - summary: >- - Response from retrieving the list of choices for a ServiceNow ITOM - connector. - value: - connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698 - data: - - dependent_value: '' - element: severity - label: Critical - value: 1 - - dependent_value: '' - element: severity - label: Major - value: 2 - - dependent_value: '' - element: severity - label: Minor - value: 3 - - dependent_value: '' - element: severity - label: Warning - value: 4 - - dependent_value: '' - element: severity - label: OK - value: 5 - - dependent_value: '' - element: severity - label: Clear - value: 0 - - dependent_value: '' - element: urgency - label: 1 - High - value: 1 - - dependent_value: '' - element: urgency - label: 2 - Medium - value: 2 - - dependent_value: '' - element: urgency - label: 3 - Low - value: 3 - status: ok - Connectors_run_slack_api_connector_request: - summary: >- - Run a Slack connector that uses the web API method to post a message on - a channel. - value: - params: - subAction: postMessage - subActionParams: - channelIds: - - C123ABC456 - text: A test message. - Connectors_run_slack_api_connector_response: - summary: Response from posting a message with a Slack connector. - value: - connector_id: .slack_api - data: - channel: C123ABC456 - message: - app_id: A01BC2D34EF - blocks: - - block_id: /NXe - elements: - - elements: - - text: A test message. - type: text - type: rich_text_section - type: rich_text - bot_id: B12BCDEFGHI - bot_profile: - app_id: A01BC2D34EF - deleted: false - icons: - image_36: 'https://a.slack-edge.com/80588/img/plugins/app/bot_36.png' - id: B12BCDEFGHI - name: test - team_id: T01ABCDE2F - updated: 1672169705 - team: T01ABCDE2F - text: A test message - ts: '1234567890.123456' - type: message - user: U12A345BC6D - ok: true - ts: '1234567890.123456' - status: ok - Connectors_run_swimlane_connector_request: - summary: Run a Swimlane connector to create an incident. - value: - params: - subAction: pushToService - subActionParams: - comments: - - comment: A comment about the incident. - commentId: 1 - incident: - caseId: '1000' - caseName: Case name - description: Description of the incident. - Connectors_run_swimlane_connector_response: - summary: Response from creating a Swimlane incident. - value: - connector_id: a4746470-2f94-11ed-b0e0-87533c532698 - data: - comments: - - commentId: 1 - pushedDate: '2022-09-08T16:52:27.865Z' - id: aKPmBHWzmdRQtx6Mx - pushedDate: '2022-09-08T16:52:27.866Z' - title: TEST-457 - url: >- - https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx - status: ok - Connectors_update_index_connector_request: - summary: Update an index connector. - value: - config: - index: updated-index - name: updated-connector - Data_views_create_data_view_request: - summary: Create a data view with runtime fields. + Data_views_create_data_view_request: + summary: Create a data view with runtime fields. value: data_view: name: My Logstash data view @@ -16829,29 +16294,6 @@ components: - user type: string type: array - Connectors_action_id: - description: An identifier for the action. - in: path - name: actionId - required: true - schema: - example: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad - type: string - Connectors_connector_id: - description: An identifier for the connector. - in: path - name: connectorId - required: true - schema: - example: df770e30-8b8b-11ed-a780-3b746c987a81 - type: string - Connectors_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string Data_views_field_name: description: The name of the runtime field. in: path @@ -17007,55 +16449,6 @@ components: example: default type: string responses: - Connectors_200_actions: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Connectors_action_response_properties' - description: Indicates a successful call. - Connectors_401: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - properties: - error: - enum: - - Unauthorized - example: Unauthorized - type: string - message: - type: string - statusCode: - enum: - - 401 - example: 401 - type: integer - title: Unauthorized response - type: object - description: Authorization information is missing or invalid. - Connectors_404: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - properties: - error: - enum: - - Not Found - example: Not Found - type: string - message: - example: >- - Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not - found - type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - title: Not found response - type: object - description: Object is not found. Fleet_error: content: application/json; Elastic-Api-Version=2023-10-31: @@ -19082,4256 +18475,214 @@ components: type: string version: description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd - type: string - required: - - comment - - id - - owner - - type - - version - title: Update case comment request properties for user comments - type: object - Cases_user_actions_find_response_properties: - type: object - properties: - action: - $ref: '#/components/schemas/Cases_actions' - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - owner: - $ref: '#/components/schemas/Cases_owners' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case - type: string - version: - example: WzM1ODg4LDFd - type: string - required: - - action - - comment_id - - created_at - - created_by - - id - - owner - - payload - - type - - version - Cases_user_actions_response_properties: - type: object - properties: - action: - $ref: '#/components/schemas/Cases_actions' - action_id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - case_id: - example: 22df07d0-03b1-11ed-920c-974bfa104448 - type: string - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - owner: - $ref: '#/components/schemas/Cases_owners' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - $ref: '#/components/schemas/Cases_action_types' - required: - - action - - action_id - - case_id - - comment_id - - created_at - - created_by - - owner - - payload - - type - Cases_user_comment_response_properties: - title: Case response properties for user comments - type: object - properties: - comment: - example: A new comment. - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' - id: - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - type: string - owner: - $ref: '#/components/schemas/Cases_owners' - pushed_at: - example: null - format: date-time - nullable: true - type: string - pushed_by: - $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' - type: - enum: - - user - example: user - type: string - updated_at: - example: null - format: date-time - nullable: true - type: string - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: - example: WzIwNDMxLDFd - type: string - required: - - type - Connectors_action_response_properties: - description: The properties vary depending on the action type. - properties: - actionTypeId: - type: string - config: - type: object - id: - type: string - isDeprecated: - description: Indicates whether the action type is deprecated. - type: boolean - isMissingSecrets: - description: Indicates whether secrets are missing for the action. - type: boolean - isPreconfigured: - description: Indicates whether it is a preconfigured action. - type: boolean - name: - type: string - title: Action response properties - type: object - Connectors_auth_type: - description: | - The type of authentication to use: basic, SSL, or none. - enum: - - webhook-authentication-basic - - webhook-authentication-ssl - nullable: true - title: Authentication type - type: string - Connectors_ca: - description: > - A base64 encoded version of the certificate authority file that the - connector can trust to sign and validate certificates. This option is - available for all authentication types. - title: Certificate authority - type: string - Connectors_cert_type: - description: > - If the `authType` is `webhook-authentication-ssl`, specifies whether the - certificate authentication data is in a CRT and key file format or a PFX - file format. - enum: - - ssl-crt-key - - ssl-pfx - title: Certificate type - type: string - Connectors_config_properties_bedrock: - description: Defines properties for connectors when type is `.bedrock`. - properties: - apiUrl: - description: The Amazon Bedrock request URL. - type: string - defaultModel: - default: 'anthropic.claude-3-5-sonnet-20240620-v1:0' - description: > - The generative artificial intelligence model for Amazon Bedrock to - use. Current support is for the Anthropic Claude models. - type: string - required: - - apiUrl - title: Connector request properties for an Amazon Bedrock connector - type: object - Connectors_config_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. - type: object - properties: - authType: - $ref: '#/components/schemas/Connectors_auth_type' - ca: - $ref: '#/components/schemas/Connectors_ca' - certType: - $ref: '#/components/schemas/Connectors_cert_type' - createCommentJson: - description: > - A JSON payload sent to the create comment URL to create a case - comment. You can use variables to add Kibana Cases data to the - payload. The required variable is `case.comment`. Due to Mustache - template variables (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated once the Mustache variables have - been placed when the REST method runs. Manually ensure that the JSON - is valid, disregarding the Mustache variables, so the later - validation will pass. - example: '{"body": {{{case.comment}}}}' - type: string - createCommentMethod: - default: put - description: > - The REST API HTTP request method to create a case comment in the - third-party system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - createCommentUrl: - description: > - The REST API URL to create a case comment by ID in the third-party - system. You can use a variable to add the external system ID to the - URL. If you are using the `xpack.actions.allowedHosts setting`, add - the hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.id}}}/comment' - type: string - createIncidentJson: - description: > - A JSON payload sent to the create case URL to create a case. You can - use variables to add case data to the payload. Required variables - are `case.title` and `case.description`. Due to Mustache template - variables (which is the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid to avoid future validation errors; disregard Mustache - variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} - type: string - createIncidentMethod: - default: post - description: > - The REST API HTTP request method to create a case in the third-party - system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - createIncidentResponseKey: - description: >- - The JSON key in the create external case response that contains the - case ID. - type: string - createIncidentUrl: - description: > - The REST API URL to create a case in the third-party system. If you - are using the `xpack.actions.allowedHosts` setting, add the hostname - to the allowed hosts. - type: string - getIncidentResponseExternalTitleKey: - description: >- - The JSON key in get external case response that contains the case - title. - type: string - getIncidentUrl: - description: > - The REST API URL to get the case by ID from the third-party system. - If you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. You can use a variable to add the - external system ID to the URL. Due to Mustache template variables - (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid, disregarding the Mustache variables, so the later validation - will pass. - example: 'https://example.com/issue/{{{external.system.id}}}' - type: string - hasAuth: - $ref: '#/components/schemas/Connectors_has_auth' - headers: - description: > - A set of key-value pairs sent as headers with the request URLs for - the create case, update case, get case, and create comment methods. - type: string - updateIncidentJson: - description: > - The JSON payload sent to the update case URL to update the case. You - can use variables to add Kibana Cases data to the payload. Required - variables are `case.title` and `case.description`. Due to Mustache - template variables (which is the text enclosed in triple braces, for - example, `{{{case.title}}}`), the JSON is not validated when you - create the connector. The JSON is validated after the Mustache - variables have been placed when REST method runs. Manually ensure - that the JSON is valid to avoid future validation errors; disregard - Mustache variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} - type: string - updateIncidentMethod: - default: put - description: > - The REST API HTTP request method to update the case in the - third-party system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - type: string - updateIncidentUrl: - description: > - The REST API URL to update the case by ID in the third-party system. - You can use a variable to add the external system ID to the URL. If - you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.ID}}}' - type: string - verificationMode: - $ref: '#/components/schemas/Connectors_verification_mode' - viewIncidentUrl: - description: > - The URL to view the case in the external system. You can use - variables to add the external system ID or external system title to - the URL. - example: >- - https://testing-jira.atlassian.net/browse/{{{external.system.title}}} - type: string - required: - - createIncidentJson - - createIncidentResponseKey - - createIncidentUrl - - getIncidentResponseExternalTitleKey - - getIncidentUrl - - updateIncidentJson - - updateIncidentUrl - - viewIncidentUrl - title: Connector request properties for Webhook - Case Management connector - Connectors_config_properties_d3security: - description: Defines properties for connectors when type is `.d3security`. - properties: - url: - description: > - The D3 Security API request URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - url - title: Connector request properties for a D3 Security connector - type: object - Connectors_config_properties_email: - description: Defines properties for connectors when type is `.email`. - type: object - properties: - clientId: - description: > - The client identifier, which is a part of OAuth 2.0 client - credentials authentication, in GUID format. If `service` is - `exchange_server`, this property is required. - nullable: true - type: string - from: - description: > - The from address for all emails sent by the connector. It must be - specified in `user@host-name` format. - type: string - hasAuth: - default: true - description: > - Specifies whether a user and password are required inside the - secrets configuration. - type: boolean - host: - description: > - The host name of the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: string - oauthTokenUrl: - nullable: true - type: string - port: - description: > - The port to connect to on the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: integer - secure: - description: > - Specifies whether the connection to the service provider will use - TLS. If the `service` is `elastic_cloud` (for Elastic Cloud - notifications) or one of Nodemailer's well-known email service - providers, this property is ignored. - type: boolean - service: - description: | - The name of the email service. - enum: - - elastic_cloud - - exchange_server - - gmail - - other - - outlook365 - - ses - type: string - tenantId: - description: > - The tenant identifier, which is part of OAuth 2.0 client credentials - authentication, in GUID format. If `service` is `exchange_server`, - this property is required. - nullable: true - type: string - required: - - from - title: Connector request properties for an email connector - Connectors_config_properties_gemini: - description: Defines properties for connectors when type is `.gemini`. - properties: - apiUrl: - description: The Google Gemini request URL. - type: string - defaultModel: - default: gemini-1.5-pro-001 - description: >- - The generative artificial intelligence model for Google Gemini to - use. - type: string - gcpProjectID: - description: The Google ProjectID that has Vertex AI endpoint enabled. - type: string - gcpRegion: - description: The GCP region where the Vertex AI endpoint enabled. - type: string - required: - - apiUrl - - gcpRegion - - gcpProjectID - title: Connector request properties for an Google Gemini connector - type: object - Connectors_config_properties_genai: - description: Defines properties for connectors when type is `.gen-ai`. - discriminator: - mapping: - Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' - OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' - propertyName: apiProvider - oneOf: - - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' - - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' - title: Connector request properties for an OpenAI connector - Connectors_config_properties_genai_azure: - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `Azure OpenAI'. - properties: - apiProvider: - description: The OpenAI API provider. - enum: - - Azure OpenAI - type: string - apiUrl: - description: The OpenAI API endpoint. - type: string - required: - - apiProvider - - apiUrl - title: >- - Connector request properties for an OpenAI connector that uses Azure - OpenAI - type: object - Connectors_config_properties_genai_openai: - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `OpenAI'. - properties: - apiProvider: - description: The OpenAI API provider. - enum: - - OpenAI - type: string - apiUrl: - description: The OpenAI API endpoint. - type: string - defaultModel: - description: The default model to use for requests. - type: string - required: - - apiProvider - - apiUrl - title: Connector request properties for an OpenAI connector - type: object - Connectors_config_properties_index: - description: Defines properties for connectors when type is `.index`. - type: object - properties: - executionTimeField: - default: null - description: A field that indicates when the document was indexed. - nullable: true - type: string - index: - description: The Elasticsearch index to be written to. - type: string - refresh: - default: false - description: > - The refresh policy for the write request, which affects when changes - are made visible to search. Refer to the refresh setting for - Elasticsearch document APIs. - type: boolean - required: - - index - title: Connector request properties for an index connector - Connectors_config_properties_jira: - description: Defines properties for connectors when type is `.jira`. - type: object - properties: - apiUrl: - description: The Jira instance URL. - type: string - projectKey: - description: The Jira project key. - type: string - required: - - apiUrl - - projectKey - title: Connector request properties for a Jira connector - Connectors_config_properties_opsgenie: - description: Defines properties for connectors when type is `.opsgenie`. - type: object - properties: - apiUrl: - description: > - The Opsgenie URL. For example, `https://api.opsgenie.com` or - `https://api.eu.opsgenie.com`. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - apiUrl - title: Connector request properties for an Opsgenie connector - Connectors_config_properties_pagerduty: - description: Defines properties for connectors when type is `.pagerduty`. - properties: - apiUrl: - description: The PagerDuty event URL. - example: 'https://events.pagerduty.com/v2/enqueue' - nullable: true - type: string - title: Connector request properties for a PagerDuty connector - type: object - Connectors_config_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. - type: object - properties: - apiUrl: - description: The IBM Resilient instance URL. - type: string - orgId: - description: The IBM Resilient organization ID. - type: string - required: - - apiUrl - - orgId - title: Connector request properties for a IBM Resilient connector - Connectors_config_properties_sentinelone: - description: Defines properties for connectors when type is `.sentinelone`. - type: object - properties: - url: - description: > - The SentinelOne tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - url - title: Connector request properties for a SentinelOne connector - Connectors_config_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. - type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. - type: string - usesTableApi: - default: true - description: > - Determines whether the connector uses the Table API or the Import - Set API. This property is supported only for ServiceNow ITSM and - ServiceNow SecOps connectors. NOTE: If this property is set to - `false`, the Elastic application should be installed in ServiceNow. - type: boolean - required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_servicenow_itom: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. - type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. - type: string - required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_slack_api: - description: Defines properties for connectors when type is `.slack_api`. - properties: - allowedChannels: - description: A list of valid Slack channels. - items: - maxItems: 25 - type: object - properties: - id: - description: The Slack channel ID. - example: C123ABC456 - minLength: 1 - type: string - name: - description: The Slack channel name. - minLength: 1 - type: string - required: - - id - - name - type: array - title: Connector request properties for a Slack connector - type: object - Connectors_config_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. - type: object - properties: - apiUrl: - description: The Swimlane instance URL. - type: string - appId: - description: The Swimlane application ID. - type: string - connectorType: - description: >- - The type of connector. Valid values are `all`, `alerts`, and - `cases`. - enum: - - all - - alerts - - cases - type: string - mappings: - description: The field mapping. - properties: - alertIdConfig: - description: Mapping for the alert ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Alert identifier mapping - type: object - caseIdConfig: - description: Mapping for the case ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case identifier mapping - type: object - caseNameConfig: - description: Mapping for the case name. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case name mapping - type: object - commentsConfig: - description: Mapping for the case comments. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case comment mapping - type: object - descriptionConfig: - description: Mapping for the case description. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case description mapping - type: object - ruleNameConfig: - description: Mapping for the name of the alert's rule. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Rule name mapping - type: object - severityConfig: - description: Mapping for the severity. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Severity mapping - type: object - title: Connector mappings properties for a Swimlane connector - type: object - required: - - apiUrl - - appId - - connectorType - title: Connector request properties for a Swimlane connector - Connectors_config_properties_tines: - description: Defines properties for connectors when type is `.tines`. - properties: - url: - description: > - The Tines tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, make sure this hostname is - added to the allowed hosts. - type: string - required: - - url - title: Connector request properties for a Tines connector - type: object - Connectors_config_properties_torq: - description: Defines properties for connectors when type is `.torq`. - properties: - webhookIntegrationUrl: - description: The endpoint URL of the Elastic Security integration in Torq. - type: string - required: - - webhookIntegrationUrl - title: Connector request properties for a Torq connector - type: object - Connectors_config_properties_webhook: - description: Defines properties for connectors when type is `.webhook`. - properties: - authType: - $ref: '#/components/schemas/Connectors_auth_type' - ca: - $ref: '#/components/schemas/Connectors_ca' - certType: - $ref: '#/components/schemas/Connectors_cert_type' - hasAuth: - $ref: '#/components/schemas/Connectors_has_auth' - headers: - description: A set of key-value pairs sent as headers with the request. - nullable: true - type: object - method: - default: post - description: | - The HTTP request method, either `post` or `put`. - enum: - - post - - put - type: string - url: - description: > - The request URL. If you are using the `xpack.actions.allowedHosts` - setting, add the hostname to the allowed hosts. - type: string - verificationMode: - $ref: '#/components/schemas/Connectors_verification_mode' - title: Connector request properties for a Webhook connector - type: object - Connectors_config_properties_xmatters: - description: Defines properties for connectors when type is `.xmatters`. - properties: - configUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters. It is - applicable only when `usesBasic` is `true`. - nullable: true - type: string - usesBasic: - default: true - description: >- - Specifies whether the connector uses HTTP basic authentication - (`true`) or URL authentication (`false`). - type: boolean - title: Connector request properties for an xMatters connector - type: object - Connectors_connector_response_properties: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - .cases-webhook: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - .d3security: >- - #/components/schemas/Connectors_connector_response_properties_d3security - .email: '#/components/schemas/Connectors_connector_response_properties_email' - .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' - .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' - .index: '#/components/schemas/Connectors_connector_response_properties_index' - .jira: '#/components/schemas/Connectors_connector_response_properties_jira' - .opsgenie: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - .pagerduty: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - .resilient: >- - #/components/schemas/Connectors_connector_response_properties_resilient - .sentinelone: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - .server-log: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - .servicenow: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - .servicenow-itom: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - .slack: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - .slack_api: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - .swimlane: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - .teams: '#/components/schemas/Connectors_connector_response_properties_teams' - .tines: '#/components/schemas/Connectors_connector_response_properties_tines' - .torq: '#/components/schemas/Connectors_connector_response_properties_torq' - .webhook: >- - #/components/schemas/Connectors_connector_response_properties_webhook - .xmatters: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - propertyName: connector_type_id - oneOf: - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_d3security - - $ref: '#/components/schemas/Connectors_connector_response_properties_email' - - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' - - $ref: '#/components/schemas/Connectors_connector_response_properties_index' - - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_resilient - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' - - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' - - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - title: Connector response properties - Connectors_connector_response_properties_bedrock: - title: Connector response properties for an Amazon Bedrock connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: - description: The type of connector. - enum: - - .bedrock - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - required: - - config - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_cases_webhook: - title: Connector request properties for a Webhook - Case Management connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - enum: - - .cases-webhook - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_d3security: - title: Connector response properties for a D3 Security connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_email: - title: Connector response properties for an email connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_gemini: - title: Connector response properties for a Google Gemini connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_genai: - title: Connector response properties for an OpenAI connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_index: - title: Connector response properties for an index connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_jira: - title: Connector response properties for a Jira connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. - enum: - - .jira - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_opsgenie: - title: Connector response properties for an Opsgenie connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_pagerduty: - title: Connector response properties for a PagerDuty connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_resilient: - title: Connector response properties for a IBM Resilient connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_sentinelone: - title: Connector response properties for a SentinelOne connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_serverlog: - title: Connector response properties for a server log connector - type: object - properties: - config: - nullable: true - type: object - connector_type_id: - description: The type of connector. - enum: - - .server-log - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow: - title: Connector response properties for a ServiceNow ITSM connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow_itom: - title: Connector response properties for a ServiceNow ITOM connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow_sir: - title: Connector response properties for a ServiceNow SecOps connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_slack_api: - title: Connector response properties for a Slack connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_slack_webhook: - title: Connector response properties for a Slack connector - type: object - properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_swimlane: - title: Connector response properties for a Swimlane connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_teams: - title: Connector response properties for a Microsoft Teams connector - type: object - properties: - config: - type: object - connector_type_id: - description: The type of connector. - enum: - - .teams - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_tines: - title: Connector response properties for a Tines connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_torq: - title: Connector response properties for a Torq connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_webhook: - title: Connector response properties for a Webhook connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_xmatters: - title: Connector response properties for an xMatters connector - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_types: - description: >- - The type of connector. For example, `.email`, `.index`, `.jira`, - `.opsgenie`, or `.server-log`. - enum: - - .bedrock - - .gemini - - .cases-webhook - - .d3security - - .email - - .gen-ai - - .index - - .jira - - .opsgenie - - .pagerduty - - .resilient - - .sentinelone - - .servicenow - - .servicenow-itom - - .servicenow-sir - - .server-log - - .slack - - .slack_api - - .swimlane - - .teams - - .tines - - .torq - - .webhook - - .xmatters - example: .server-log - title: Connector types - type: string - Connectors_create_connector_request: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: '#/components/schemas/Connectors_create_connector_request_bedrock' - .cases-webhook: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' - .email: '#/components/schemas/Connectors_create_connector_request_email' - .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' - .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' - .index: '#/components/schemas/Connectors_create_connector_request_index' - .jira: '#/components/schemas/Connectors_create_connector_request_jira' - .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' - .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' - .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' - .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' - .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' - .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' - .servicenow-itom: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - .slack: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' - .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' - .teams: '#/components/schemas/Connectors_create_connector_request_teams' - .tines: '#/components/schemas/Connectors_create_connector_request_tines' - .torq: '#/components/schemas/Connectors_create_connector_request_torq' - .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' - .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' - propertyName: connector_type_id - oneOf: - - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_create_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_create_connector_request_index' - - $ref: '#/components/schemas/Connectors_create_connector_request_jira' - - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_create_connector_request_teams' - - $ref: '#/components/schemas/Connectors_create_connector_request_tines' - - $ref: '#/components/schemas/Connectors_create_connector_request_torq' - - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' - title: Create connector request body properties - Connectors_create_connector_request_bedrock: - description: >- - The Amazon Bedrock connector uses axios to send a POST request to Amazon - Bedrock. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: - description: The type of connector. - enum: - - .bedrock - example: .bedrock - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - required: - - config - - connector_type_id - - name - - secrets - title: Create Amazon Bedrock connector request - type: object - Connectors_create_connector_request_cases_webhook: - description: > - The Webhook - Case Management connector uses axios to send POST, PUT, - and GET requests to a case management RESTful API web service. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - required: - - config - - connector_type_id - - name - title: Create Webhook - Case Managment connector request - type: object - Connectors_create_connector_request_d3security: - description: > - The connector uses axios to send a POST request to a D3 Security - endpoint. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security - example: .d3security - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - required: - - config - - connector_type_id - - name - - secrets - title: Create D3 Security connector request - type: object - Connectors_create_connector_request_email: - description: > - The email connector uses the SMTP protocol to send mail messages, using - an integration of Nodemailer. An exception is Microsoft Exchange, which - uses HTTP protocol for sending emails, Send mail. Email message text is - sent as both plain text and html text. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - example: .email - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - connector_type_id - - name - - secrets - title: Create email connector request - type: object - Connectors_create_connector_request_gemini: - description: >- - The Google Gemini connector uses axios to send a POST request to Google - Gemini. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini - example: .gemini - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - required: - - config - - connector_type_id - - name - - secrets - title: Create Google Gemini connector request - type: object - Connectors_create_connector_request_genai: - description: > - The OpenAI connector uses axios to send a POST request to either OpenAI - or Azure OpenAPI. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai - example: .gen-ai - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_genai' - required: - - config - - connector_type_id - - name - - secrets - title: Create OpenAI connector request - type: object - Connectors_create_connector_request_index: - description: The index connector indexes a document into Elasticsearch. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - example: .index - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - required: - - config - - connector_type_id - - name - title: Create index connector request - type: object - Connectors_create_connector_request_jira: - description: The Jira connector uses the REST API v2 to create Jira issues. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. - enum: - - .jira - example: .jira - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - required: - - config - - connector_type_id - - name - - secrets - title: Create Jira connector request - type: object - Connectors_create_connector_request_opsgenie: - description: The Opsgenie connector uses the Opsgenie alert API. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - example: .opsgenie - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - required: - - config - - connector_type_id - - name - - secrets - title: Create Opsgenie connector request - type: object - Connectors_create_connector_request_pagerduty: - description: > - The PagerDuty connector uses the v2 Events API to trigger, acknowledge, - and resolve PagerDuty alerts. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty - example: .pagerduty - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - required: - - config - - connector_type_id - - name - - secrets - title: Create PagerDuty connector request - type: object - Connectors_create_connector_request_resilient: - description: >- - The IBM Resilient connector uses the RESILIENT REST v2 to create IBM - Resilient incidents. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - example: .resilient - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - connector_type_id - - name - - secrets - title: Create IBM Resilient connector request - type: object - Connectors_create_connector_request_sentinelone: - description: > - The SentinelOne connector communicates with SentinelOne Management - Console via REST API. This functionality is in technical preview and may - be changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Create SentinelOne connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - example: .sentinelone - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - required: - - config - - connector_type_id - - name - - secrets - x-technical-preview: true - Connectors_create_connector_request_serverlog: - description: This connector writes an entry to the Kibana server log. - properties: - connector_type_id: - description: The type of connector. - enum: - - .server-log - example: .server-log - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - required: - - connector_type_id - - name - title: Create server log connector request - type: object - Connectors_create_connector_request_servicenow: - description: > - The ServiceNow ITSM connector uses the import set API to create - ServiceNow incidents. You can use the connector for rule actions and - cases. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - example: .servicenow - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITSM connector request - type: object - Connectors_create_connector_request_servicenow_itom: - description: > - The ServiceNow ITOM connector uses the event API to create ServiceNow - events. You can use the connector for rule actions. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - example: .servicenow-itom - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITOM connector request - type: object - Connectors_create_connector_request_servicenow_sir: - description: > - The ServiceNow SecOps connector uses the import set API to create - ServiceNow security incidents. You can use the connector for rule - actions and cases. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow SecOps connector request - type: object - Connectors_create_connector_request_slack_api: - description: The Slack connector uses an API method to send Slack messages. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - example: .slack_api - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request - type: object - Connectors_create_connector_request_slack_webhook: - description: The Slack connector uses Slack Incoming Webhooks. - properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - example: .slack - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request - type: object - Connectors_create_connector_request_swimlane: - description: >- - The Swimlane connector uses the Swimlane REST API to create Swimlane - records. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - example: .swimlane - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - connector_type_id - - name - - secrets - title: Create Swimlane connector request - type: object - Connectors_create_connector_request_teams: - description: The Microsoft Teams connector uses Incoming Webhooks. - properties: - connector_type_id: - description: The type of connector. - enum: - - .teams - example: .teams - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - required: - - connector_type_id - - name - - secrets - title: Create Microsoft Teams connector request - type: object - Connectors_create_connector_request_tines: - description: > - The Tines connector uses Tines Webhook actions to send events via POST - request. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - example: .tines - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - required: - - config - - connector_type_id - - name - - secrets - title: Create Tines connector request - type: object - Connectors_create_connector_request_torq: - description: > - The Torq connector uses a Torq webhook to trigger workflows with Kibana - actions. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - example: .torq - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - required: - - config - - connector_type_id - - name - - secrets - title: Create Torq connector request - type: object - Connectors_create_connector_request_webhook: - description: > - The Webhook connector uses axios to send a POST or PUT request to a web - service. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - example: .webhook - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - required: - - config - - connector_type_id - - name - - secrets - title: Create Webhook connector request - type: object - Connectors_create_connector_request_xmatters: - description: > - The xMatters connector uses the xMatters Workflow for Elastic to send - actionable alerts to on-call xMatters resources. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - example: .xmatters - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' - required: - - config - - connector_type_id - - name - - secrets - title: Create xMatters connector request - type: object - Connectors_crt: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. - title: Certificate - type: string - Connectors_features: - description: | - The feature that uses the connector. - enum: - - alerting - - cases - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - siem - - uptime - type: string - Connectors_has_auth: - default: true - description: >- - If true, a username and password for login type authentication must be - provided. - title: Has authentication - type: boolean - Connectors_is_deprecated: - description: Indicates whether the connector type is deprecated. - example: false - type: boolean - Connectors_is_missing_secrets: - description: >- - Indicates whether secrets are missing for the connector. Secrets - configuration properties vary depending on the connector type. - example: false - type: boolean - Connectors_is_preconfigured: - description: > - Indicates whether it is a preconfigured connector. If true, the `config` - and `is_missing_secrets` properties are omitted from the response. - example: false - type: boolean - Connectors_is_system_action: - description: Indicates whether the connector is used for system actions. - example: false - type: boolean - Connectors_key: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the KEY file. - title: Certificate key - type: string - Connectors_pfx: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. - title: Personal information exchange - type: string - Connectors_referenced_by_count: - description: > - Indicates the number of saved objects that reference the connector. If - `is_preconfigured` is true, this value is not calculated. This property - is returned only by the get all connectors API. - example: 2 - type: integer - Connectors_run_connector_params_acknowledge_resolve_pagerduty: - description: Test an action that acknowledges or resolves a PagerDuty alert. - properties: - dedupKey: - description: The deduplication key for the PagerDuty alert. - maxLength: 255 - type: string - eventAction: - description: The type of event. - enum: - - acknowledge - - resolve - type: string - required: - - dedupKey - - eventAction - title: PagerDuty connector parameters - type: object - Connectors_run_connector_params_documents: - description: Test an action that indexes a document into Elasticsearch. - properties: - documents: - description: The documents in JSON format for index connectors. - items: - additionalProperties: true - type: object - type: array - required: - - documents - title: Index connector parameters - type: object - Connectors_run_connector_params_message_email: - anyOf: - - required: - - bcc - - message - - subject - - required: - - cc - - message - - subject - - required: - - to - - message - - subject - description: > - Test an action that sends an email message. There must be at least one - recipient in `to`, `cc`, or `bcc`. - properties: - bcc: - description: > - A list of "blind carbon copy" email addresses. Addresses can be - specified in `user@host-name` format or in name `` - format - items: - type: string - type: array - cc: - description: > - A list of "carbon copy" email addresses. Addresses can be specified - in `user@host-name` format or in name `` format - items: - type: string - type: array - message: - description: The email message text. Markdown format is supported. - type: string - subject: - description: The subject line of the email. - type: string - to: - description: > - A list of email addresses. Addresses can be specified in - `user@host-name` format or in name `` format. - items: - type: string - type: array - title: Email connector parameters - type: object - Connectors_run_connector_params_message_serverlog: - description: Test an action that writes an entry to the Kibana server log. - properties: - level: - default: info - description: The log level of the message for server log connectors. - enum: - - debug - - error - - fatal - - info - - trace - - warn - type: string - message: - description: The message for server log connectors. - type: string - required: - - message - title: Server log connector parameters - type: object - Connectors_run_connector_params_message_slack: - description: > - Test an action that sends a message to Slack. It is applicable only when - the connector type is `.slack`. - properties: - message: - description: >- - The Slack message text, which cannot contain Markdown, images, or - other advanced formatting. - type: string - required: - - message - title: Slack connector parameters - type: object - Connectors_run_connector_params_trigger_pagerduty: - description: Test an action that triggers a PagerDuty alert. - properties: - class: - description: The class or type of the event. - example: cpu load - type: string - component: - description: >- - The component of the source machine that is responsible for the - event. - example: eth0 - type: string - customDetails: - description: Additional details to add to the event. - type: object - dedupKey: - description: > - All actions sharing this key will be associated with the same - PagerDuty alert. This value is used to correlate trigger and - resolution. - maxLength: 255 - type: string - eventAction: - description: The type of event. - enum: - - trigger - type: string - group: - description: The logical grouping of components of a service. - example: app-stack - type: string - links: - description: A list of links to add to the event. - items: - type: object - properties: - href: - description: The URL for the link. - type: string - text: - description: A plain text description of the purpose of the link. - type: string - type: array - severity: - default: info - description: The severity of the event on the affected system. - enum: - - critical - - error - - info - - warning - type: string - source: - description: > - The affected system, such as a hostname or fully qualified domain - name. Defaults to the Kibana saved object id of the action. - type: string - summary: - description: A summery of the event. - maxLength: 1024 - type: string - timestamp: - description: >- - An ISO-8601 timestamp that indicates when the event was detected or - generated. - format: date-time - type: string - required: - - eventAction - title: PagerDuty connector parameters - type: object - Connectors_run_connector_request: - description: The properties vary depending on the connector type. - properties: - params: - oneOf: - - $ref: >- - #/components/schemas/Connectors_run_connector_params_acknowledge_resolve_pagerduty - - $ref: '#/components/schemas/Connectors_run_connector_params_documents' - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_email - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_serverlog - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_slack - - $ref: >- - #/components/schemas/Connectors_run_connector_params_trigger_pagerduty - - description: Test an action that involves a subaction. - discriminator: - mapping: - addEvent: >- - #/components/schemas/Connectors_run_connector_subaction_addevent - closeAlert: >- - #/components/schemas/Connectors_run_connector_subaction_closealert - closeIncident: >- - #/components/schemas/Connectors_run_connector_subaction_closeincident - createAlert: >- - #/components/schemas/Connectors_run_connector_subaction_createalert - fieldsByIssueType: >- - #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype - getChoices: >- - #/components/schemas/Connectors_run_connector_subaction_getchoices - getFields: >- - #/components/schemas/Connectors_run_connector_subaction_getfields - getIncident: >- - #/components/schemas/Connectors_run_connector_subaction_getincident - issue: >- - #/components/schemas/Connectors_run_connector_subaction_issue - issues: >- - #/components/schemas/Connectors_run_connector_subaction_issues - issueTypes: >- - #/components/schemas/Connectors_run_connector_subaction_issuetypes - pushToService: >- - #/components/schemas/Connectors_run_connector_subaction_pushtoservice - propertyName: subAction - oneOf: - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_addevent - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_closealert - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_closeincident - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_createalert - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getchoices - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getfields - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getincident - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issue - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issues - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issuetypes - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_postmessage - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_pushtoservice - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_validchannelid - title: Subaction parameters - required: - - params - title: Run connector request body properties - type: object - Connectors_run_connector_subaction_addevent: - description: The `addEvent` subaction for ServiceNow ITOM connectors. - title: The addEvent subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - addEvent - type: string - subActionParams: - description: The set of configuration properties for the action. - type: object - properties: - additional_info: - description: Additional information about the event. - type: string - description: - description: The details about the event. - type: string - event_class: - description: A specific instance of the source. - type: string - message_key: - description: >- - All actions sharing this key are associated with the same - ServiceNow alert. The default value is `:`. - type: string - metric_name: - description: The name of the metric. - type: string - node: - description: The host that the event was triggered for. - type: string - resource: - description: The name of the resource. - type: string - severity: - description: The severity of the event. - type: string - source: - description: The name of the event source type. - type: string - time_of_event: - description: The time of the event. - type: string - type: - description: The type of event. - type: string - required: - - subAction - Connectors_run_connector_subaction_closealert: - description: The `closeAlert` subaction for Opsgenie connectors. - title: The closeAlert subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - closeAlert - type: string - subActionParams: - type: object - properties: - alias: - description: >- - The unique identifier used for alert deduplication in Opsgenie. - The alias must match the value used when creating the alert. - type: string - note: - description: Additional information for the alert. - type: string - source: - description: The display name for the source of the alert. - type: string - user: - description: The display name for the owner. - type: string - required: - - alias - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_closeincident: - description: The `closeIncident` subaction for ServiceNow ITSM connectors. - title: The closeIncident subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - closeIncident - type: string - subActionParams: - type: object - properties: - incident: - anyOf: - - required: - - correlation_id - - required: - - externalId - type: object - properties: - correlation_id: - default: '{{rule.id}}:{{alert.id}}' - description: > - An identifier that is assigned to the incident when it is - created by the connector. NOTE: If you use the default value - and the rule generates multiple alerts that use the same - alert IDs, the latest open incident for this correlation ID - is closed unless you specify the external ID. - maxLength: 100 - nullable: true - type: string - externalId: - description: >- - The unique identifier (`incidentId`) for the incident in - ServiceNow. - nullable: true - type: string - required: - - incident - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_createalert: - description: The `createAlert` subaction for Opsgenie connectors. - title: The createAlert subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - createAlert - type: string - subActionParams: - type: object - properties: - actions: - description: The custom actions available to the alert. - items: - type: string - type: array - alias: - description: The unique identifier used for alert deduplication in Opsgenie. - type: string - description: - description: >- - A description that provides detailed information about the - alert. - type: string - details: - additionalProperties: true - description: The custom properties of the alert. - example: - key1: value1 - key2: value2 - type: object - entity: - description: >- - The domain of the alert. For example, the application or server - name. - type: string - message: - description: The alert message. - type: string - note: - description: Additional information for the alert. - type: string - priority: - description: The priority level for the alert. - enum: - - P1 - - P2 - - P3 - - P4 - - P5 - type: string - responders: - description: > - The entities to receive notifications about the alert. If `type` - is `user`, either `id` or `username` is required. If `type` is - `team`, either `id` or `name` is required. - items: - type: object - properties: - id: - description: The identifier for the entity. - type: string - name: - description: The name of the entity. - type: string - type: - description: 'The type of responders, in this case `escalation`.' - enum: - - escalation - - schedule - - team - - user - type: string - username: - description: A valid email address for the user. - type: string - type: array - source: - description: The display name for the source of the alert. - type: string - tags: - description: The tags for the alert. - items: - type: string - type: array - user: - description: The display name for the owner. - type: string - visibleTo: - description: >- - The teams and users that the alert will be visible to without - sending a notification. Only one of `id`, `name`, or `username` - is required. - items: - type: object - properties: - id: - description: The identifier for the entity. - type: string - name: - description: The name of the entity. - type: string - type: - description: Valid values are `team` and `user`. - enum: - - team - - user - type: string - username: - description: >- - The user name. This property is required only when the - `type` is `user`. - type: string - required: - - type - type: array - required: - - message - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_fieldsbyissuetype: - description: The `fieldsByIssueType` subaction for Jira connectors. - title: The fieldsByIssueType subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - fieldsByIssueType - type: string - subActionParams: - type: object - properties: - id: - description: The Jira issue type identifier. - example: 10024 - type: string - required: - - id - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_getchoices: - description: >- - The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors. - title: The getChoices subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - getChoices - type: string - subActionParams: - description: The set of configuration properties for the action. - type: object - properties: - fields: - description: An array of fields. - items: - type: string - type: array - required: - - fields - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_getfields: - description: >- - The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow - SecOps connectors. - title: The getFields subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - getFields - type: string - required: - - subAction - Connectors_run_connector_subaction_getincident: - description: >- - The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow - SecOps connectors. - properties: - subAction: - description: The action to test. - enum: - - getIncident - type: string - subActionParams: - type: object - properties: - externalId: - description: >- - The Jira, ServiceNow ITSM, or ServiceNow SecOps issue - identifier. - example: 71778 - type: string - required: - - externalId - required: - - subAction - - subActionParams - title: The getIncident subaction - type: object - Connectors_run_connector_subaction_issue: - description: The `issue` subaction for Jira connectors. - title: The issue subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - issue - type: string - subActionParams: - type: object - properties: - id: - description: The Jira issue identifier. - example: 71778 - type: string - required: - - id - required: - - subAction - Connectors_run_connector_subaction_issues: - description: The `issues` subaction for Jira connectors. - title: The issues subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - issues - type: string - subActionParams: - type: object - properties: - title: - description: The title of the Jira issue. - type: string - required: - - title - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_issuetypes: - description: The `issueTypes` subaction for Jira connectors. - title: The issueTypes subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - issueTypes - type: string - required: - - subAction - Connectors_run_connector_subaction_postmessage: - description: > - Test an action that sends a message to Slack. It is applicable only when - the connector type is `.slack_api`. - properties: - subAction: - description: The action to test. - enum: - - postMessage - type: string - subActionParams: - description: The set of configuration properties for the action. - type: object - properties: - channelIds: - description: > - The Slack channel identifier, which must be one of the - `allowedChannels` in the connector configuration. - items: - type: string - maxItems: 1 - type: array - channels: - deprecated: true - description: | - The name of a channel that your Slack app has access to. - items: - type: string - maxItems: 1 - type: array - text: - description: > - The Slack message text. If it is a Slack webhook connector, the - text cannot contain Markdown, images, or other advanced - formatting. If it is a Slack web API connector, it can contain - either plain text or block kit messages. - minLength: 1 - type: string - required: - - subAction - - subActionParams - title: The postMessage subaction - type: object - Connectors_run_connector_subaction_pushtoservice: - description: >- - The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow - SecOps, Swimlane, and Webhook - Case Management connectors. - title: The pushToService subaction - type: object - properties: - subAction: - description: The action to test. - enum: - - pushToService - type: string - subActionParams: - description: The set of configuration properties for the action. - type: object - properties: - comments: - description: >- - Additional information that is sent to Jira, ServiceNow ITSM, - ServiceNow SecOps, or Swimlane. - items: - type: object - properties: - comment: - description: >- - A comment related to the incident. For example, describe - how to troubleshoot the issue. - type: string - commentId: - description: A unique identifier for the comment. - type: integer - type: array - incident: - description: >- - Information necessary to create or update a Jira, ServiceNow - ITSM, ServiveNow SecOps, or Swimlane incident. - type: object - properties: - alertId: - description: The alert identifier for Swimlane connectors. - type: string - caseId: - description: >- - The case identifier for the incident for Swimlane - connectors. - type: string - caseName: - description: The case name for the incident for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - correlation_display: - description: >- - A descriptive label of the alert for correlation purposes - for ServiceNow ITSM and ServiceNow SecOps connectors. - type: string - correlation_id: - description: > - The correlation identifier for the security incident for - ServiceNow ITSM and ServiveNow SecOps connectors. Connectors - using the same correlation ID are associated with the same - ServiceNow incident. This value determines whether a new - ServiceNow incident is created or an existing one is - updated. Modifying this value is optional; if not modified, - the rule ID and alert ID are combined as `{{ruleID}}:{{alert - ID}}` to form the correlation ID value in ServiceNow. The - maximum character length for this value is 100 characters. - NOTE: Using the default configuration of `{{ruleID}}:{{alert - ID}}` ensures that ServiceNow creates a separate incident - record for every generated alert that uses a unique alert - ID. If the rule generates multiple alerts that use the same - alert IDs, ServiceNow creates and continually updates a - single incident record for the alert. - type: string - description: - description: >- - The description of the incident for Jira, ServiceNow ITSM, - ServiceNow SecOps, Swimlane, and Webhook - Case Management - connectors. - type: string - dest_ip: - description: > - A list of destination IP addresses related to the security - incident for ServiceNow SecOps connectors. The IPs are added - as observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - externalId: - description: > - The Jira, ServiceNow ITSM, or ServiceNow SecOps issue - identifier. If present, the incident is updated. Otherwise, - a new incident is created. - type: string - id: - description: >- - The external case identifier for Webhook - Case Management - connectors. - type: string - impact: - description: The impact of the incident for ServiceNow ITSM connectors. - type: string - issueType: - description: >- - The type of incident for Jira connectors. For example, - 10006. To obtain the list of valid values, set `subAction` - to `issueTypes`. - type: integer - labels: - description: > - The labels for the incident for Jira connectors. NOTE: - Labels cannot contain spaces. - items: - type: string - type: array - malware_hash: - description: >- - A list of malware hashes related to the security incident - for ServiceNow SecOps connectors. The hashes are added as - observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - malware_url: - description: >- - A list of malware URLs related to the security incident for - ServiceNow SecOps connectors. The URLs are added as - observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - type: string - otherFields: - additionalProperties: true - description: > - Custom field identifiers and their values for Jira - connectors. - maxProperties: 20 - type: object - parent: - description: >- - The ID or key of the parent issue for Jira connectors. - Applies only to `Sub-task` types of issues. - type: string - priority: - description: >- - The priority of the incident in Jira and ServiceNow SecOps - connectors. - type: string - ruleName: - description: The rule name for Swimlane connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM and - Swimlane connectors. - type: string - short_description: - description: > - A short description of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. It is used for searching the - contents of the knowledge base. - type: string - source_ip: - description: >- - A list of source IP addresses related to the security - incident for ServiceNow SecOps connectors. The IPs are added - as observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - status: - description: >- - The status of the incident for Webhook - Case Management - connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - summary: - description: A summary of the incident for Jira connectors. - type: string - tags: - description: A list of tags for Webhook - Case Management connectors. - items: - type: string - type: array - title: - description: > - A title for the incident for Jira and Webhook - Case - Management connectors. It is used for searching the contents - of the knowledge base. - type: string - urgency: - description: The urgency of the incident for ServiceNow ITSM connectors. - type: string - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_validchannelid: - description: > - Retrieves information about a valid Slack channel identifier. It is - applicable only when the connector type is `.slack_api`. - properties: - subAction: - description: The action to test. - enum: - - validChannelId - type: string - subActionParams: - type: object - properties: - channelId: - description: The Slack channel identifier. - example: C123ABC456 - type: string - required: - - channelId - required: - - subAction - - subActionParams - title: The validChannelId subaction - type: object - Connectors_secrets_properties_bedrock: - description: Defines secrets for connectors when type is `.bedrock`. - properties: - accessKey: - description: The AWS access key for authentication. - type: string - secret: - description: The AWS secret for authentication. - type: string - required: - - accessKey - - secret - title: Connector secrets properties for an Amazon Bedrock connector - type: object - Connectors_secrets_properties_cases_webhook: - title: Connector secrets properties for Webhook - Case Management connector - type: object - properties: - crt: - $ref: '#/components/schemas/Connectors_crt' - key: - $ref: '#/components/schemas/Connectors_key' - password: - description: > - The password for HTTP basic authentication. If `hasAuth` is set to - `true` and and `authType` is `webhook-authentication-basic`, this - property is required. - type: string - pfx: - $ref: '#/components/schemas/Connectors_pfx' - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true` and `authType` is `webhook-authentication-basic`, this - property is required. - type: string - Connectors_secrets_properties_d3security: - description: Defines secrets for connectors when type is `.d3security`. - type: object - properties: - token: - description: The D3 Security token. - type: string - required: - - token - title: Connector secrets properties for a D3 Security connector - Connectors_secrets_properties_email: - description: Defines secrets for connectors when type is `.email`. - properties: - clientSecret: - description: > - The Microsoft Exchange Client secret for OAuth 2.0 client - credentials authentication. It must be URL-encoded. If `service` is - `exchange_server`, this property is required. - type: string - password: - description: > - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - type: string - title: Connector secrets properties for an email connector - type: object - Connectors_secrets_properties_gemini: - description: Defines secrets for connectors when type is `.gemini`. - properties: - credentialsJSON: - description: >- - The service account credentials JSON file. The service account - should have Vertex AI user IAM role assigned to it. - type: string - required: - - credentialsJSON - title: Connector secrets properties for a Google Gemini connector - type: object - Connectors_secrets_properties_genai: - description: Defines secrets for connectors when type is `.gen-ai`. - properties: - apiKey: - description: The OpenAI API key. - type: string - title: Connector secrets properties for an OpenAI connector - type: object - Connectors_secrets_properties_jira: - description: Defines secrets for connectors when type is `.jira`. - type: object - properties: - apiToken: - description: The Jira API authentication token for HTTP basic authentication. - type: string - email: - description: The account email for HTTP Basic authentication. - type: string - required: - - apiToken - - email - title: Connector secrets properties for a Jira connector - Connectors_secrets_properties_opsgenie: - description: Defines secrets for connectors when type is `.opsgenie`. - type: object - properties: - apiKey: - description: The Opsgenie API authentication key for HTTP Basic authentication. - type: string - required: - - apiKey - title: Connector secrets properties for an Opsgenie connector - Connectors_secrets_properties_pagerduty: - description: Defines secrets for connectors when type is `.pagerduty`. - properties: - routingKey: - description: > - A 32 character PagerDuty Integration Key for an integration on a - service. - type: string - required: - - routingKey - title: Connector secrets properties for a PagerDuty connector - type: object - Connectors_secrets_properties_resilient: - description: Defines secrets for connectors when type is `.resilient`. - type: object - properties: - apiKeyId: - description: The authentication key ID for HTTP Basic authentication. - type: string - apiKeySecret: - description: The authentication key secret for HTTP Basic authentication. - type: string - required: - - apiKeyId - - apiKeySecret - title: Connector secrets properties for IBM Resilient connector - Connectors_secrets_properties_sentinelone: - description: Defines secrets for connectors when type is `.sentinelone`. - properties: - token: - description: The A SentinelOne API token. - type: string - required: - - token - title: Connector secrets properties for a SentinelOne connector - type: object - Connectors_secrets_properties_servicenow: - description: >- - Defines secrets for connectors when type is `.servicenow`, - `.servicenow-sir`, or `.servicenow-itom`. - properties: - clientSecret: - description: >- - The client secret assigned to your OAuth application. This property - is required when `isOAuth` is `true`. - type: string - password: - description: >- - The password for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - type: string - privateKey: - description: >- - The RSA private key that you created for use in ServiceNow. This - property is required when `isOAuth` is `true`. - type: string - privateKeyPassword: - description: >- - The password for the RSA private key. This property is required when - `isOAuth` is `true` and you set a password on your private key. - type: string - username: - description: >- - The username for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - type: string - title: >- - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors - type: object - Connectors_secrets_properties_slack_api: - description: Defines secrets for connectors when type is `.slack`. - type: object - properties: - token: - description: Slack bot user OAuth token. - type: string - required: - - token - title: Connector secrets properties for a Web API Slack connector - Connectors_secrets_properties_slack_webhook: - description: Defines secrets for connectors when type is `.slack`. - type: object - properties: - webhookUrl: - description: Slack webhook url. - type: string - required: - - webhookUrl - title: Connector secrets properties for a Webhook Slack connector - Connectors_secrets_properties_swimlane: - description: Defines secrets for connectors when type is `.swimlane`. - properties: - apiToken: - description: Swimlane API authentication token. - type: string - title: Connector secrets properties for a Swimlane connector - type: object - Connectors_secrets_properties_teams: - description: Defines secrets for connectors when type is `.teams`. - properties: - webhookUrl: - description: > - The URL of the incoming webhook. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - webhookUrl - title: Connector secrets properties for a Microsoft Teams connector - type: object - Connectors_secrets_properties_tines: - description: Defines secrets for connectors when type is `.tines`. - properties: - email: - description: The email used to sign in to Tines. - type: string - token: - description: The Tines API token. - type: string - required: - - email - - token - title: Connector secrets properties for a Tines connector - type: object - Connectors_secrets_properties_torq: - description: Defines secrets for connectors when type is `.torq`. - properties: - token: - description: The secret of the webhook authentication header. - type: string - required: - - token - title: Connector secrets properties for a Torq connector - type: object - Connectors_secrets_properties_webhook: - description: Defines secrets for connectors when type is `.webhook`. - properties: - crt: - $ref: '#/components/schemas/Connectors_crt' - key: - $ref: '#/components/schemas/Connectors_key' - password: - description: > - The password for HTTP basic authentication or the passphrase for the - SSL certificate files. If `hasAuth` is set to `true` and `authType` - is `webhook-authentication-basic`, this property is required. - type: string - pfx: - $ref: '#/components/schemas/Connectors_pfx' - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true` and `authType` is `webhook-authentication-basic`, this - property is required. - type: string - title: Connector secrets properties for a Webhook connector - type: object - Connectors_secrets_properties_xmatters: - description: Defines secrets for connectors when type is `.xmatters`. - properties: - password: - description: > - A user name for HTTP basic authentication. It is applicable only - when `usesBasic` is `true`. - type: string - secretsUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters with the - API key included in the URL. It is applicable only when `usesBasic` - is `false`. - type: string - user: - description: > - A password for HTTP basic authentication. It is applicable only when - `usesBasic` is `true`. - type: string - title: Connector secrets properties for an xMatters connector - type: object - Connectors_update_connector_request: - description: The properties vary depending on the connector type. - oneOf: - - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_update_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_update_connector_request_index' - - $ref: '#/components/schemas/Connectors_update_connector_request_jira' - - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_servicenow_itom - - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_update_connector_request_teams' - - $ref: '#/components/schemas/Connectors_update_connector_request_tines' - - $ref: '#/components/schemas/Connectors_update_connector_request_torq' - - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' - title: Update connector request body properties - Connectors_update_connector_request_bedrock: - title: Update Amazon Bedrock connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - required: - - config - - name - Connectors_update_connector_request_cases_webhook: - title: Update Webhook - Case Managment connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - required: - - config - - name - Connectors_update_connector_request_d3security: - title: Update D3 Security connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - required: - - config - - name - - secrets - Connectors_update_connector_request_email: - title: Update email connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - name - Connectors_update_connector_request_gemini: - title: Update Google Gemini connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - required: - - config - - name - Connectors_update_connector_request_index: - title: Update index connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - name: - description: The display name for the connector. - type: string - required: - - config - - name - Connectors_update_connector_request_jira: - title: Update Jira connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - required: - - config - - name - - secrets - Connectors_update_connector_request_opsgenie: - title: Update Opsgenie connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - required: - - config - - name - - secrets - Connectors_update_connector_request_pagerduty: - title: Update PagerDuty connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - required: - - config - - name - - secrets - Connectors_update_connector_request_resilient: - title: Update IBM Resilient connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - name - - secrets - Connectors_update_connector_request_sentinelone: - title: Update SentinelOne connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - required: - - config - - name - - secrets - Connectors_update_connector_request_serverlog: - title: Update server log connector request - type: object - properties: - name: - description: The display name for the connector. + The current comment version. To retrieve version values, use the get + comments API. + example: Wzk1LDFd type: string required: - - name - Connectors_update_connector_request_servicenow: - title: Update ServiceNow ITSM connector or ServiceNow SecOps request + - comment + - id + - owner + - type + - version + title: Update case comment request properties for user comments type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - name - - secrets - Connectors_update_connector_request_servicenow_itom: - title: Create ServiceNow ITOM connector request + Cases_user_actions_find_response_properties: type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - name: - description: The display name for the connector. + action: + $ref: '#/components/schemas/Cases_actions' + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 + nullable: true type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - name - - secrets - Connectors_update_connector_request_slack_api: - title: Update Slack connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - name: - description: The display name for the connector. + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - required: - - name - - secrets - Connectors_update_connector_request_slack_webhook: - title: Update Slack connector request - type: object - properties: - name: - description: The display name for the connector. + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + id: + example: 22fd3e30-03b1-11ed-920c-974bfa104448 type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - required: - - name - - secrets - Connectors_update_connector_request_swimlane: - title: Update Swimlane connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - name: - description: The display name for the connector. - example: my-connector + owner: + $ref: '#/components/schemas/Cases_owners' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + description: The type of action. + enum: + - assignees + - create_case + - comment + - connector + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - name - - secrets - Connectors_update_connector_request_teams: - title: Update Microsoft Teams connector request - type: object - properties: - name: - description: The display name for the connector. + version: + example: WzM1ODg4LDFd type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' required: - - name - - secrets - Connectors_update_connector_request_tines: - title: Update Tines connector request + - action + - comment_id + - created_at + - created_by + - id + - owner + - payload + - type + - version + Cases_user_actions_response_properties: type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - name: - description: The display name for the connector. + action: + $ref: '#/components/schemas/Cases_actions' + action_id: + example: 22fd3e30-03b1-11ed-920c-974bfa104448 type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - required: - - config - - name - - secrets - Connectors_update_connector_request_torq: - title: Update Torq connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - name: - description: The display name for the connector. + case_id: + example: 22df07d0-03b1-11ed-920c-974bfa104448 type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - required: - - config - - name - - secrets - Connectors_update_connector_request_webhook: - title: Update Webhook connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - name: - description: The display name for the connector. + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 + nullable: true type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + owner: + $ref: '#/components/schemas/Cases_owners' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + $ref: '#/components/schemas/Cases_action_types' required: - - config - - name - - secrets - Connectors_update_connector_request_xmatters: - title: Update xMatters connector request + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type + Cases_user_comment_response_properties: + title: Case response properties for user comments type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - name: - description: The display name for the connector. + comment: + example: A new comment. + type: string + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + id: + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + pushed_at: + example: null + format: date-time + nullable: true + type: string + pushed_by: + $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' + type: + enum: + - user + example: user + type: string + updated_at: + example: null + format: date-time + nullable: true + type: string + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + version: + example: WzIwNDMxLDFd type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' required: - - config - - name - - secrets - Connectors_verification_mode: - default: full - description: > - Controls the verification of certificates. Use `full` to validate that - the certificate has an issue date within the `not_before` and - `not_after` dates, chains to a trusted certificate authority (CA), and - has a hostname or IP address that matches the names within the - certificate. Use `certificate` to validate the certificate and verify - that it is signed by a trusted authority; this option does not check the - certificate hostname. Use `none` to skip certificate validation. - enum: - - certificate - - full - - none - title: Verification mode - type: string + - type Data_views_400_response: title: Bad request type: object @@ -24173,18 +19524,25 @@ components: type: object properties: active: + description: >- + When false, the enrollment API key is revoked and cannot be used for + enrolling Elastic Agents. type: boolean api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. type: string api_key_id: + description: The ID of the API key in the Security API. type: string created_at: type: string id: type: string name: + description: The name of the enrollment API key. type: string policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - id @@ -24841,6 +20199,7 @@ components: - version policy_id: deprecated: true + nullable: true type: string policy_ids: items: @@ -25725,6 +21084,11 @@ components: policy's namespace. example: customnamespace type: string + output_id: + description: Output ID to send package data to + example: output-id + nullable: true + type: string overrides: description: >- Override settings that are defined in the package policy. The @@ -25753,6 +21117,7 @@ components: deprecated: true description: Agent policy ID where that package policy will be added example: agent-policy-id + nullable: true type: string policy_ids: description: Agent policy IDs where that package policy will be added @@ -27603,8 +22968,7 @@ tags: name: APM annotations - description: Case APIs enable you to open and track issues. name: cases - - description: Connector APIs enable you to create and manage connectors. - name: connectors + - name: connectors - name: Data streams - description: >- Data view APIs enable you to manage data views, formerly known as Kibana