mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 09:48:58 -04:00
(cherry picked from commit 7649b00689)
This commit is contained in:
Lisa Cawley
GitHub
parent
6824d89493
commit
4110baf767
2 changed files with 100 additions and 64 deletions
|
|
@ -208,7 +208,6 @@ The API returns the following:
|
|||
},
|
||||
"rule_type_id": ".index-threshold",
|
||||
"scheduled_task_id": "425b0800-6bca-11eb-9e0d-85d233e3ee35",
|
||||
"snooze_schedule":[],
|
||||
"created_by": "elastic",
|
||||
"updated_by": "elastic",
|
||||
"created_at": "2022-06-08T17:20:31.632Z",
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
[[update-rule-api]]
|
||||
=== Update rule API
|
||||
== Update rule API
|
||||
++++
|
||||
<titleabbrev>Update rule</titleabbrev>
|
||||
++++
|
||||
|
|
@ -7,7 +7,7 @@
|
|||
Update the attributes for an existing rule.
|
||||
|
||||
[[update-rule-api-request]]
|
||||
==== Request
|
||||
=== {api-request-title}
|
||||
|
||||
`PUT <kibana host>:<port>/api/alerting/rule/<id>`
|
||||
|
||||
|
|
@ -33,83 +33,109 @@ features, *{observability}*, or *Security* features. If the rule has
|
|||
Thereafter, when the rule performs queries, it uses those security privileges.
|
||||
If you have different privileges than the user that created or most recently
|
||||
updated the rule, you might change its behavior.
|
||||
* Though some properties are optional, when you update the rule the existing
|
||||
property values are overwritten with default values. Therefore, it is
|
||||
recommended to explicitly set all property values.
|
||||
====
|
||||
|
||||
[[update-rule-api-path-params]]
|
||||
==== Path parameters
|
||||
=== {api-path-parms-title}
|
||||
|
||||
`id`::
|
||||
(Required, string) The ID of the rule that you want to update.
|
||||
(Required, string) The ID of the rule that you want to update.
|
||||
|
||||
`space_id`::
|
||||
(Optional, string) An identifier for the space. If `space_id` is not provided in the URL, the default space is used.
|
||||
(Optional, string) An identifier for the space. If `space_id` is not provided in
|
||||
the URL, the default space is used.
|
||||
|
||||
[role="child_attributes"]
|
||||
[[update-rule-api-request-body]]
|
||||
==== Request body
|
||||
|
||||
`name`::
|
||||
(Required, string) A name to reference and search.
|
||||
|
||||
`tags`::
|
||||
(Optional, string array) A list of keywords to reference and search.
|
||||
|
||||
`schedule`::
|
||||
(Required, object) When to run this rule. Use one of the available schedule formats.
|
||||
+
|
||||
._Schedule Formats_.
|
||||
[%collapsible%open]
|
||||
=====
|
||||
A schedule uses a key: value format. {kib} currently supports the _Interval format_ , which specifies the interval in seconds, minutes, hours, or days at which to execute the rule.
|
||||
|
||||
Example: `{ interval: "10s" }`, `{ interval: "5m" }`, `{ interval: "1h" }`, `{ interval: "1d" }`.
|
||||
|
||||
=====
|
||||
|
||||
`throttle`::
|
||||
(Optional, string) How often this rule should fire the same actions. This will prevent the rule from sending out the same notification over and over. For example, if a rule with a `schedule` of 1 minute stays in a triggered state for 90 minutes, setting a `throttle` of `10m` or `1h` will prevent it from sending 90 notifications during this period.
|
||||
|
||||
`notify_when`::
|
||||
(Required, string) The condition for throttling the notification: `onActionGroupChange`, `onActiveAlert`, or `onThrottleInterval`.
|
||||
|
||||
`params`::
|
||||
(Required, object) The parameters to pass to the rule type executor `params` value. This will also validate against the rule type params validator, if defined.
|
||||
=== {api-request-body-title}
|
||||
|
||||
`actions`::
|
||||
(Optional, object array) An array of the following action objects.
|
||||
(Optional, object array) An array of action objects. The default value is an
|
||||
empty array (`[]`).
|
||||
+
|
||||
.Properties of the action objects:
|
||||
[%collapsible%open]
|
||||
=====
|
||||
`group`:::
|
||||
(Required, string) Grouping actions is recommended for escalations for different types of alerts. If you don't need this, set the value to `default`.
|
||||
`group`:::
|
||||
(Required, string) Grouping actions is recommended for escalations for different
|
||||
types of alerts. If you don't need this, set the value to `default`.
|
||||
|
||||
`id`:::
|
||||
(Required, string) The ID of the action that saved object executes.
|
||||
`id`:::
|
||||
(Required, string) The identifier of the action.
|
||||
|
||||
`params`:::
|
||||
(Required, object) The map to the `params` that the <<action-types,connector type>> will receive. `params` are handled as Mustache templates and passed a default set of context.
|
||||
`params`:::
|
||||
(Required, object) The map to the `params` that the
|
||||
<<action-types,connector type>> will receive. The `params` are handled as
|
||||
Mustache templates and passed a default set of context.
|
||||
=====
|
||||
|
||||
`name`::
|
||||
(Required, string) A name to reference and search.
|
||||
|
||||
`notify_when`::
|
||||
(Required, string) The condition for throttling the notification:
|
||||
`onActionGroupChange`, `onActiveAlert`, or `onThrottleInterval`.
|
||||
|
||||
`params`::
|
||||
(Required, object) The parameters to pass to the rule type executor `params`
|
||||
value. This will also validate against the rule type params validator, if defined.
|
||||
|
||||
`schedule`::
|
||||
(Required, object) When to run this rule. Use one of the available schedule formats.
|
||||
+
|
||||
.Schedule formats
|
||||
[%collapsible%open]
|
||||
=====
|
||||
A schedule uses a `key: value` format. {kib} currently supports the
|
||||
_interval format_, which specifies the interval in seconds, minutes, hours, or
|
||||
days at which to run the rule. For example: `{ "interval": "10s" }`,
|
||||
`{ "interval": "5m" }`, `{ "interval": "1h" }`, or `{ "interval": "1d" }`.
|
||||
|
||||
=====
|
||||
|
||||
`tags`::
|
||||
(Optional, string array) A list of keywords to reference and search. The default
|
||||
value is an empty array (`[]`).
|
||||
|
||||
`throttle`::
|
||||
(Optional, string) How often this rule should fire the same actions. This will
|
||||
prevent the rule from sending out the same notification over and over. For
|
||||
example, if a rule with a `schedule` of 1 minute stays in a triggered state for
|
||||
90 minutes, setting a `throttle` of `10m` or `1h` will prevent it from sending
|
||||
90 notifications during this period. The default value is `null`.
|
||||
|
||||
[[update-rule-api-response-codes]]
|
||||
==== Response code
|
||||
=== {api-response-codes-title}
|
||||
|
||||
`200`::
|
||||
Indicates a successful call.
|
||||
Indicates a successful call.
|
||||
|
||||
[[update-rule-api-example]]
|
||||
==== Example
|
||||
=== {api-examples-title}
|
||||
|
||||
Update a rule with ID `ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74` with a different name:
|
||||
Update an index threshold rule with ID `ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74`:
|
||||
|
||||
[source,sh]
|
||||
--------------------------------------------------
|
||||
$ curl -X PUT api/alerting/rule/ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
|
||||
|
||||
PUT api/alerting/rule/ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
|
||||
{
|
||||
"notify_when": "onActionGroupChange",
|
||||
"params": {
|
||||
"aggType": "avg",
|
||||
"index":[".test-index"],
|
||||
"timeField":"@timestamp",
|
||||
"groupBy":"top",
|
||||
"aggType":"avg",
|
||||
"timeWindowSize":5,
|
||||
"timeWindowUnit":"m",
|
||||
"thresholdComparator":">",
|
||||
"threshold":[1000],
|
||||
"aggType":"avg",
|
||||
"aggField":"sheet.version",
|
||||
"termField":"name.keyword",
|
||||
"termSize":6
|
||||
},
|
||||
"schedule": {
|
||||
"interval": "1m"
|
||||
|
|
@ -117,7 +143,7 @@ $ curl -X PUT api/alerting/rule/ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
|
|||
"actions": [],
|
||||
"tags": [],
|
||||
"name": "new name",
|
||||
"throttle": null,
|
||||
"throttle": null
|
||||
}
|
||||
--------------------------------------------------
|
||||
// KIBANA
|
||||
|
|
@ -128,31 +154,42 @@ The API returns the following:
|
|||
--------------------------------------------------
|
||||
{
|
||||
"id": "ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74",
|
||||
"notify_when": "onActionGroupChange",
|
||||
"params": {
|
||||
"aggType": "avg",
|
||||
},
|
||||
"consumer": "alerts",
|
||||
"rule_type_id": "test.rule.type",
|
||||
"schedule": {
|
||||
"interval": "1m"
|
||||
},
|
||||
"actions": [],
|
||||
"tags": [],
|
||||
"name": "new name",
|
||||
"enabled": true,
|
||||
"throttle": null,
|
||||
"schedule": {
|
||||
"interval": "1m"
|
||||
},
|
||||
"params": {
|
||||
"index": [".updated-index"],
|
||||
"timeField": "@timestamp",
|
||||
"groupBy": "top",
|
||||
"aggType": "avg",
|
||||
"timeWindowSize": 5,
|
||||
"timeWindowUnit": "m",
|
||||
"thresholdComparator": ">",
|
||||
"threshold": [1000],
|
||||
"aggField": "sheet.version",
|
||||
"termField": "name.keyword",
|
||||
"termSize": 6
|
||||
},
|
||||
"api_key_owner": "elastic",
|
||||
"created_by": "elastic",
|
||||
"updated_by": "elastic",
|
||||
"rule_type_id": ".index-threshold",
|
||||
"scheduled_task_id": "4c5eda00-e74f-11ec-b72f-5b18752ff9ea",
|
||||
"created_at": "2022-06-08T17:20:31.632Z",
|
||||
"updated_at": "2022-06-09T23:36:36.090Z",
|
||||
"notify_when": "onActionGroupChange",
|
||||
"mute_all": false,
|
||||
"muted_alert_ids": [],
|
||||
"updated_at": "2021-02-10T05:37:19.086Z",
|
||||
"created_at": "2021-02-10T05:37:19.086Z",
|
||||
"scheduled_task_id": "0b092d90-6b62-11eb-9e0d-85d233e3ee35",
|
||||
"execution_status": {
|
||||
"last_execution_date": "2021-02-10T17:55:14.262Z",
|
||||
"status": "ok"
|
||||
}
|
||||
"status": "ok",
|
||||
"last_execution_date": "2022-06-09T23:36:17.332Z",
|
||||
"last_duration": 577
|
||||
},
|
||||
"actions":[]
|
||||
}
|
||||
--------------------------------------------------
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue