[DOCS] Create open API specification for update rule (#147407)

Lisa Cawley 2023-01-10 09:27:58 -08:00 committed by GitHub
parent 30b8a2d0ff
commit d35296ea3b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 1920 additions and 617 deletions


@ -18,10 +18,52 @@ Any modifications made to this file will be overwritten.
<div class="method-summary"></div>
<h4><a href="#Alerting">Alerting</a></h4>
<ul>
<li><a href="#deleteRule"><code><span class="http-method">delete</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></a></li>
<li><a href="#findRules"><code><span class="http-method">get</span> /s/{spaceId}/api/alerting/rules/_find</code></a></li>
<li><a href="#getRule"><code><span class="http-method">get</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></a></li>
<li><a href="#updateRule"><code><span class="http-method">put</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></a></li>
</ul>
<h1><a name="Alerting">Alerting</a></h1>
<div class="method"><a name="deleteRule"/>
<div class="method-path">
<a class="up" href="#__Methods">Up</a>
<pre class="delete"><code class="huge"><span class="http-method">delete</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></pre></div>
<div class="method-summary">Deletes a rule. (<span class="nickname">deleteRule</span>)</div>
<div class="method-notes">You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're deleting. For example, the <strong>Management</strong> &gt; <strong>Stack Rules</strong> feature, <strong>Analytics</strong> &gt; <strong>Discover</strong> or <strong>Machine Learning</strong> features, <strong>Observability</strong>, or <strong>Security</strong> features. WARNING: After you delete a rule, you cannot recover it.</div>
<h3 class="field-label">Path parameters</h3>
<div class="field-items">
<div class="param">ruleId (required)</div>
<div class="param-desc"><span class="param-type">Path Parameter</span> &mdash; An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
<div class="param-desc"><span class="param-type">Path Parameter</span> &mdash; An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
</div> <!-- field-items -->
<h3 class="field-label">Request headers</h3>
<div class="field-items">
<div class="param">kbn-xsrf (required)</div>
<div class="param-desc"><span class="param-type">Header Parameter</span> &mdash; default: null </div>
</div> <!-- field-items -->
<!--Todo: process Response Object and its headers, schema, examples -->
<h3 class="field-label">Responses</h3>
<h4 class="field-label">204</h4>
Indicates a successful call.
<a href="#"></a>
</div> <!-- method -->
<hr/>
<div class="method"><a name="findRules"/>
<div class="method-path">
<a class="up" href="#__Methods">Up</a>
@ -76,17 +118,17 @@ Any modifications made to this file will be overwritten.
<h3 class="field-label">Example data</h3>
<div class="example-data-content-type">Content-Type: application/json</div>
<pre class="example"><code>{
"per_page" : 2,
"total" : 7,
"per_page" : 6,
"total" : 1,
"data" : [ {
"throttle" : "10m",
"created_at" : "2022-12-05T23:36:58.284Z",
"last_run" : {
"alerts_count" : {
"new" : 0,
"ignored" : 6,
"recovered" : 1,
"active" : 5
"new" : 1,
"recovered" : 5,
"active" : 0
},
"outcome_msg" : "outcome_msg",
"warning" : "warning",
@ -136,10 +178,10 @@ Any modifications made to this file will be overwritten.
"created_at" : "2022-12-05T23:36:58.284Z",
"last_run" : {
"alerts_count" : {
"new" : 0,
"ignored" : 6,
"recovered" : 1,
"active" : 5
"new" : 1,
"recovered" : 5,
"active" : 0
},
"outcome_msg" : "outcome_msg",
"warning" : "warning",
@ -185,7 +227,7 @@ Any modifications made to this file will be overwritten.
} ],
"consumer" : "alerts"
} ],
"page" : 5
"page" : 0
}</code></pre>
<h3 class="field-label">Produces</h3>
@ -201,108 +243,261 @@ Any modifications made to this file will be overwritten.
<a href="#findRules_200_response">findRules_200_response</a>
</div> <!-- method -->
<hr/>
<div class="method"><a name="getRule"/>
<div class="method-path">
<a class="up" href="#__Methods">Up</a>
<pre class="get"><code class="huge"><span class="http-method">get</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></pre></div>
<div class="method-summary">Retrieve a rule by its identifier. (<span class="nickname">getRule</span>)</div>
<div class="method-notes">You must have <code>read</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rules you're seeking. For example, the <strong>Management &gt; Stack Rules</strong> feature, <strong>Analytics &gt; Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. To get rules associated with the <strong>Stack Monitoring</strong> feature, use the <code>monitoring_user</code> built-in role.</div>
<h3 class="field-label">Path parameters</h3>
<div class="field-items">
<div class="param">ruleId (required)</div>
<div class="param-desc"><span class="param-type">Path Parameter</span> &mdash; An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
<div class="param-desc"><span class="param-type">Path Parameter</span> &mdash; An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
</div> <!-- field-items -->
<h3 class="field-label">Return type</h3>
<div class="return-type">
<a href="#rule_response_properties">rule_response_properties</a>
</div>
<!--Todo: process Response Object and its headers, schema, examples -->
<h3 class="field-label">Example data</h3>
<div class="example-data-content-type">Content-Type: application/json</div>
<pre class="example"><code>{
"throttle" : "10m",
"created_at" : "2022-12-05T23:36:58.284Z",
"last_run" : {
"alerts_count" : {
"ignored" : 6,
"new" : 1,
"recovered" : 5,
"active" : 0
},
"outcome_msg" : "outcome_msg",
"warning" : "warning",
"outcome" : "succeeded"
},
"params" : {
"key" : ""
},
"created_by" : "elastic",
"enabled" : true,
"muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
"rule_type_id" : "monitoring_alert_cluster_health",
"tags" : [ "tags", "tags" ],
"api_key_owner" : "elastic",
"schedule" : {
"interval" : "1m"
},
"notify_when" : "onActiveAlert",
"next_run" : "2022-12-06T00:14:43.818Z",
"updated_at" : "2022-12-05T23:36:58.284Z",
"execution_status" : {
"last_execution_date" : "2022-12-06T00:13:43.89Z",
"last_duration" : 55,
"status" : "ok"
},
"name" : "cluster_health_rule",
"updated_by" : "elastic",
"scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
"mute_all" : false,
"actions" : [ {
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
"params" : {
"key" : ""
},
"group" : "default"
}, {
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
"params" : {
"key" : ""
},
"group" : "default"
} ],
"consumer" : "alerts"
}</code></pre>
<h3 class="field-label">Produces</h3>
This API call produces the following media types according to the <span class="header">Accept</span> request header;
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
<ul>
<li><code>application/json</code></li>
</ul>
<h3 class="field-label">Responses</h3>
<h4 class="field-label">200</h4>
Indicates a successful call.
<a href="#rule_response_properties">rule_response_properties</a>
</div> <!-- method -->
<hr/>
<div class="method"><a name="updateRule"/>
<div class="method-path">
<a class="up" href="#__Methods">Up</a>
<pre class="put"><code class="huge"><span class="http-method">put</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></pre></div>
<div class="method-summary">Updates the attributes for a rule. (<span class="nickname">updateRule</span>)</div>
<div class="method-notes">You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're updating. For example, you must have privileges for the <strong>Management &gt; Stack rules</strong> feature, <strong>Analytics &gt; Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management &gt; Actions and Connectors</strong> feature. NOTE: This API supports only token-based authentication. When you update a rule, it identifies which roles you have at that point in time. Thereafter, when the rule performs queries, it uses those security privileges. If you have different privileges than the user that created or most recently updated the rule, you might change its behavior. Though some properties are optional, when you update the rule the existing property values are overwritten with default values. Therefore, it is recommended to explicitly set all property values.</div>
<h3 class="field-label">Path parameters</h3>
<div class="field-items">
<div class="param">ruleId (required)</div>
<div class="param-desc"><span class="param-type">Path Parameter</span> &mdash; An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
<div class="param-desc"><span class="param-type">Path Parameter</span> &mdash; An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
</div> <!-- field-items -->
<h3 class="field-label">Consumes</h3>
This API call consumes the following media types via the <span class="header">Content-Type</span> request header:
<ul>
<li><code>application/json</code></li>
</ul>
<h3 class="field-label">Request body</h3>
<div class="field-items">
<div class="param">update_rule_request <a href="#update_rule_request">update_rule_request</a> (required)</div>
<div class="param-desc"><span class="param-type">Body Parameter</span> &mdash; </div>
</div> <!-- field-items -->
<h3 class="field-label">Request headers</h3>
<div class="field-items">
<div class="param">kbn-xsrf (required)</div>
<div class="param-desc"><span class="param-type">Header Parameter</span> &mdash; default: null </div>
</div> <!-- field-items -->
<h3 class="field-label">Return type</h3>
<div class="return-type">
<a href="#rule_response_properties">rule_response_properties</a>
</div>
<!--Todo: process Response Object and its headers, schema, examples -->
<h3 class="field-label">Example data</h3>
<div class="example-data-content-type">Content-Type: application/json</div>
<pre class="example"><code>{
"throttle" : "10m",
"created_at" : "2022-12-05T23:36:58.284Z",
"last_run" : {
"alerts_count" : {
"ignored" : 6,
"new" : 1,
"recovered" : 5,
"active" : 0
},
"outcome_msg" : "outcome_msg",
"warning" : "warning",
"outcome" : "succeeded"
},
"params" : {
"key" : ""
},
"created_by" : "elastic",
"enabled" : true,
"muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
"rule_type_id" : "monitoring_alert_cluster_health",
"tags" : [ "tags", "tags" ],
"api_key_owner" : "elastic",
"schedule" : {
"interval" : "1m"
},
"notify_when" : "onActiveAlert",
"next_run" : "2022-12-06T00:14:43.818Z",
"updated_at" : "2022-12-05T23:36:58.284Z",
"execution_status" : {
"last_execution_date" : "2022-12-06T00:13:43.89Z",
"last_duration" : 55,
"status" : "ok"
},
"name" : "cluster_health_rule",
"updated_by" : "elastic",
"scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
"mute_all" : false,
"actions" : [ {
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
"params" : {
"key" : ""
},
"group" : "default"
}, {
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
"params" : {
"key" : ""
},
"group" : "default"
} ],
"consumer" : "alerts"
}</code></pre>
<h3 class="field-label">Produces</h3>
This API call produces the following media types according to the <span class="header">Accept</span> request header;
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
<ul>
<li><code>application/json</code></li>
</ul>
<h3 class="field-label">Responses</h3>
<h4 class="field-label">200</h4>
Indicates a successful call.
<a href="#rule_response_properties">rule_response_properties</a>
</div> <!-- method -->
<hr/>
<h2><a name="__Models">Models</a></h2>
[ Jump to <a href="#__Methods">Methods</a> ]
<h3>Table of Contents</h3>
<ol>
<li><a href="#actions_inner"><code>actions_inner</code> - </a></li>
<li><a href="#findRules_200_response"><code>findRules_200_response</code> - </a></li>
<li><a href="#findRules_200_response_data_inner"><code>findRules_200_response_data_inner</code> - </a></li>
<li><a href="#findRules_200_response_data_inner_actions_inner"><code>findRules_200_response_data_inner_actions_inner</code> - </a></li>
<li><a href="#findRules_200_response_data_inner_execution_status"><code>findRules_200_response_data_inner_execution_status</code> - </a></li>
<li><a href="#findRules_200_response_data_inner_last_run"><code>findRules_200_response_data_inner_last_run</code> - </a></li>
<li><a href="#findRules_200_response_data_inner_last_run_alerts_count"><code>findRules_200_response_data_inner_last_run_alerts_count</code> - </a></li>
<li><a href="#findRules_200_response_data_inner_schedule"><code>findRules_200_response_data_inner_schedule</code> - </a></li>
<li><a href="#findRules_has_reference_parameter"><code>findRules_has_reference_parameter</code> - </a></li>
<li><a href="#findRules_search_fields_parameter"><code>findRules_search_fields_parameter</code> - </a></li>
<li><a href="#notify_when"><code>notify_when</code> - </a></li>
<li><a href="#rule_response_properties"><code>rule_response_properties</code> - Rule response properties</a></li>
<li><a href="#rule_response_properties_execution_status"><code>rule_response_properties_execution_status</code> - </a></li>
<li><a href="#rule_response_properties_last_run"><code>rule_response_properties_last_run</code> - </a></li>
<li><a href="#rule_response_properties_last_run_alerts_count"><code>rule_response_properties_last_run_alerts_count</code> - </a></li>
<li><a href="#schedule"><code>schedule</code> - </a></li>
<li><a href="#update_rule_request"><code>update_rule_request</code> - Update rule request</a></li>
</ol>
<div class="model">
<h3><a name="actions_inner"><code>actions_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">group (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The group name for the actions. If you don't need to group actions, set to <code>default</code>. </div>
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the connector saved object. </div>
<div class="param">params (optional)</div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for the action, which are sent to the connector. The <code>params</code> are handled as Mustache templates and passed a default set of context. </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="findRules_200_response"><code>findRules_200_response</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">data (optional)</div><div class="param-desc"><span class="param-type"><a href="#findRules_200_response_data_inner">array[findRules_200_response_data_inner]</a></span> </div>
<div class="param">data (optional)</div><div class="param-desc"><span class="param-type"><a href="#rule_response_properties">array[rule_response_properties]</a></span> </div>
<div class="param">page (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
<div class="param">per_page (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
<div class="param">total (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="findRules_200_response_data_inner"><code>findRules_200_response_data_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#findRules_200_response_data_inner_actions_inner">array[findRules_200_response_data_inner_actions_inner]</a></span> </div>
<div class="param">api_key_owner (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
<div class="param">consumer (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The application or feature that owns the rule. For example, <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
<div class="param">created_at (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> The date and time that the rule as created. format: date-time</div>
<div class="param">created_by (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the user that created the rule. </div>
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the rule is currently enabled. </div>
<div class="param">execution_status (optional)</div><div class="param-desc"><span class="param-type"><a href="#findRules_200_response_data_inner_execution_status">findRules_200_response_data_inner_execution_status</a></span> </div>
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the rule. </div>
<div class="param">last_run (optional)</div><div class="param-desc"><span class="param-type"><a href="#findRules_200_response_data_inner_last_run">findRules_200_response_data_inner_last_run</a></span> </div>
<div class="param">muted_alert_ids (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
<div class="param">mute_all (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. </div>
<div class="param">next_run (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> Indicates how often alerts generate actions. </div>
<div class="param-enum-header">Enum:</div>
<div class="param-enum">onActionGroupChange</div><div class="param-enum">onActiveAlert</div><div class="param-enum">onThrottleInterval</div>
<div class="param">params (optional)</div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for the rule. </div>
<div class="param">rule_type_id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the type of rule. For example, <code>.es-query</code>, <code>.index-threshold</code>, <code>logs.alert.document.count</code>, <code>monitoring_alert_cluster_health</code>, <code>siem.thresholdRule</code>, or <code>xpack.ml.anomaly_detection_alert</code>. </div>
<div class="param">schedule (optional)</div><div class="param-desc"><span class="param-type"><a href="#findRules_200_response_data_inner_schedule">findRules_200_response_data_inner_schedule</a></span> </div>
<div class="param">scheduled_task_id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. It is specified in seconds, minutes, hours, or days. </div>
<div class="param">updated_at (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The date and time that the rule was updated most recently. </div>
<div class="param">updated_by (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the user that updated this rule most recently. </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="findRules_200_response_data_inner_actions_inner"><code>findRules_200_response_data_inner_actions_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">group (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The group name for the actions. </div>
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the connector saved object. </div>
<div class="param">params (optional)</div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for the action, which are sent to the connector. </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="findRules_200_response_data_inner_execution_status"><code>findRules_200_response_data_inner_execution_status</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">status (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
<div class="param">last_execution_date (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
<div class="param">last_duration (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="findRules_200_response_data_inner_last_run"><code>findRules_200_response_data_inner_last_run</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">alerts_count (optional)</div><div class="param-desc"><span class="param-type"><a href="#findRules_200_response_data_inner_last_run_alerts_count">findRules_200_response_data_inner_last_run_alerts_count</a></span> </div>
<div class="param">outcome_msg (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
<div class="param">warning (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
<div class="param">outcome (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="findRules_200_response_data_inner_last_run_alerts_count"><code>findRules_200_response_data_inner_last_run_alerts_count</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">new (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
<div class="param">ignored (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
<div class="param">recovered (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
<div class="param">active (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="findRules_200_response_data_inner_schedule"><code>findRules_200_response_data_inner_schedule</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'>The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.</div>
<div class="field-items">
<div class="param">interval (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="findRules_has_reference_parameter"><code>findRules_has_reference_parameter</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
@ -317,5 +512,88 @@ Any modifications made to this file will be overwritten.
<div class="field-items">
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="notify_when"><code>notify_when</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'>Indicates how often alerts generate actions. Valid values include: <code>onActionGroupChange</code>: Actions run when the alert status changes; <code>onActiveAlert</code>: Actions run when the alert becomes active and at each check interval while the rule conditions are met; <code>onThrottleInterval</code>: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met.</div>
<div class="field-items">
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="rule_response_properties"><code>rule_response_properties</code> - Rule response properties</a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">actions </div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
<div class="param">api_key_owner </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The application or feature that owns the rule. For example, <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
<div class="param">created_at </div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> The date and time that the rule was created. format: date-time</div>
<div class="param">created_by </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the user that created the rule. </div>
<div class="param">enabled </div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the rule is currently enabled. </div>
<div class="param">execution_status </div><div class="param-desc"><span class="param-type"><a href="#rule_response_properties_execution_status">rule_response_properties_execution_status</a></span> </div>
<div class="param">id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the rule. </div>
<div class="param">last_run (optional)</div><div class="param-desc"><span class="param-type"><a href="#rule_response_properties_last_run">rule_response_properties_last_run</a></span> </div>
<div class="param">muted_alert_ids </div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
<div class="param">mute_all </div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. </div>
<div class="param">next_run (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
<div class="param">notify_when </div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for the rule. </div>
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the type of rule. For example, <code>.es-query</code>, <code>.index-threshold</code>, <code>logs.alert.document.count</code>, <code>monitoring_alert_cluster_health</code>, <code>siem.thresholdRule</code>, or <code>xpack.ml.anomaly_detection_alert</code>. </div>
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
<div class="param">scheduled_task_id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
<div class="param">tags </div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
<div class="param">throttle </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. It is specified in seconds, minutes, hours, or days. </div>
<div class="param">updated_at </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The date and time that the rule was updated most recently. </div>
<div class="param">updated_by </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the user that updated this rule most recently. </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="rule_response_properties_execution_status"><code>rule_response_properties_execution_status</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">last_duration (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
<div class="param">last_execution_date (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
<div class="param">status (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="rule_response_properties_last_run"><code>rule_response_properties_last_run</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">alerts_count (optional)</div><div class="param-desc"><span class="param-type"><a href="#rule_response_properties_last_run_alerts_count">rule_response_properties_last_run_alerts_count</a></span> </div>
<div class="param">outcome (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
<div class="param">outcome_msg (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
<div class="param">warning (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="rule_response_properties_last_run_alerts_count"><code>rule_response_properties_last_run_alerts_count</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'></div>
<div class="field-items">
<div class="param">active (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
<div class="param">ignored (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
<div class="param">new (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
<div class="param">recovered (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="schedule"><code>schedule</code> - </a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'>The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.</div>
<div class="field-items">
<div class="param">interval (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
</div> <!-- field-items -->
</div>
<div class="model">
<h3><a name="update_rule_request"><code>update_rule_request</code> - Update rule request</a> <a class="up" href="#__Models">Up</a></h3>
<div class='model-description'>The update rule API request body varies depending on the type of rule and actions.</div>
<div class="field-items">
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. </div>
<div class="param">notify_when </div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for the rule. </div>
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. It is specified in seconds, minutes, hours, or days. </div>
</div> <!-- field-items -->
</div>
</div>
++++


@ -8,6 +8,12 @@ Permanently removes a rule.
WARNING: After you delete a rule, you cannot recover it.
[NOTE]
====
For the most up-to-date API details, refer to the
{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <<rule-apis>>.
====
[[delete-rule-api-request]]
=== {api-request-title}
@ -36,7 +42,7 @@ default space is used.
[[delete-rule-api-response-codes]]
=== {api-response-codes-title}
`200`::
`204`::
Indicates a successful call.
=== {api-examples-title}


@ -6,6 +6,12 @@
Retrieve a rule by ID.
[NOTE]
====
For the most up-to-date API details, refer to the
{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <<rule-apis>>.
====
[[get-rule-api-request]]
=== {api-request-title}
@ -55,33 +61,63 @@ The API returns the following:
[source,sh]
--------------------------------------------------
{
"id": "0a037d60-6b62-11eb-9e0d-85d233e3ee35",
"notify_when": "onActionGroupChange",
"params": {
"aggType": "avg",
"id":"31697a40-7b36-11ed-aa79-f742c05329b2",
"consumer":"alerts",
"tags":["cpu"],
"name":"my alert",
"enabled":true,
"throttle":null,
"schedule":{
"interval":"1m"
},
"consumer": "alerts",
"rule_type_id": "test.rule.type",
"schedule": {
"interval": "1m"
"params":{
"aggType":"avg",
"termSize":6,
"thresholdComparator":">",
"timeWindowSize":5,
"timeWindowUnit":"m",
"groupBy":"top",
"threshold":[1000],
"index":["test-index"],
"timeField":"@timestamp",
"aggField":"sheet.version",
"termField":"name.keyword"
},
"rule_type_id":".index-threshold",
"created_by":"elastic",
"updated_by":"elastic",
"created_at":"2022-12-13T22:33:41.163Z",
"updated_at":"2022-12-13T22:33:41.163Z",
"api_key_owner":"elastic",
"notify_when":"onActionGroupChange",
"muted_alert_ids":[],
"mute_all":false,
"scheduled_task_id":"31697a40-7b36-11ed-aa79-f742c05329b2",
"execution_status":{
"status":"ok",
"last_execution_date":"2022-12-13T22:33:44.388Z",
"last_duration":83
},
"actions": [],
"tags": [],
"name": "test rule",
"enabled": true,
"throttle": null,
"api_key_owner": "elastic",
"created_by": "elastic",
"updated_by": "elastic",
"mute_all": false,
"muted_alert_ids": [],
"updated_at": "2021-02-10T05:37:19.086Z",
"created_at": "2021-02-10T05:37:19.086Z",
"scheduled_task_id": "0b092d90-6b62-11eb-9e0d-85d233e3ee35",
"execution_status": {
"last_execution_date": "2021-02-10T17:55:14.262Z",
"status": "ok",
"last_duration": 359
}
"actions":[{
"group":"threshold met",
"id":"1007a0c0-7a6e-11ed-89d5-abec321c0def",
"params":{
"level":"info",
"message":"alert {{alertName}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}\n- Timestamp: {{context.date}}"
},
"connector_type_id":".server-log"
}],
"last_run":{
"alerts_count":{
"new":0,
"ignored":0,
"recovered":0,
"active":0
},
"outcome_msg":null,
"warning":null,
"outcome":"succeeded"
},
"next_run":"2022-12-13T22:34:44.314Z"
}
--------------------------------------------------


@ -6,6 +6,12 @@
Update the attributes for an existing rule.
[NOTE]
====
For the most up-to-date API details, refer to the
{kib-repo}/tree/{branch}/x-pack/plugins/alerting/docs/openapi[open API specification]. For a preview, check out <<rule-apis>>.
====
[[update-rule-api-request]]
=== {api-request-title}
@ -132,7 +138,6 @@ PUT api/alerting/rule/ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
"timeWindowUnit":"m",
"thresholdComparator":">",
"threshold":[1000],
"aggType":"avg",
"aggField":"sheet.version",
"termField":"name.keyword",
"termSize":6
@ -180,16 +185,28 @@ The API returns the following:
"updated_by": "elastic",
"rule_type_id": ".index-threshold",
"scheduled_task_id": "4c5eda00-e74f-11ec-b72f-5b18752ff9ea",
"created_at": "2022-06-08T17:20:31.632Z",
"updated_at": "2022-06-09T23:36:36.090Z",
"created_at": "2022-12-12T22:43:20.578Z",
"updated_at": "2022-12-12T22:44:21.783Z",
"notify_when": "onActionGroupChange",
"mute_all": false,
"muted_alert_ids": [],
"execution_status": {
"status": "ok",
"last_execution_date": "2022-06-09T23:36:17.332Z",
"last_duration": 577
"last_execution_date": "2022-12-12T22:43:21.723Z",
"last_duration": 125
},
"actions":[]
"actions":[],
"last_run":{
"alerts_count": {
"new": 0,
"ignored": 0,
"recovered": 0,
"active": 0
},
"outcome_msg" :null,
"warning": null,
"outcome": "succeeded"
},
"next_run": "2022-12-12T22:44:21.653Z"
}
--------------------------------------------------


@ -25,6 +25,131 @@
}
],
"paths": {
"/s/{spaceId}/api/alerting/rule/{ruleId}": {
"get": {
"summary": "Retrieve a rule by its identifier.",
"operationId": "getRule",
"description": "You must have `read` privileges for the appropriate Kibana features, depending on the `consumer` and `rule_type_id` of the rules you're seeking. For example, the **Management > Stack Rules** feature, **Analytics > Discover** and **Machine Learning** features, **Observability** features, or **Security** features. To get rules associated with the **Stack Monitoring** feature, use the `monitoring_user` built-in role.\n",
"tags": [
"alerting"
],
"parameters": [
{
"$ref": "#/components/parameters/rule_id"
},
{
"$ref": "#/components/parameters/space_id"
}
],
"responses": {
"200": {
"description": "Indicates a successful call.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/rule_response_properties"
},
"examples": {
"updateRuleResponse": {
"$ref": "#/components/examples/get_rule_response"
}
}
}
}
}
}
},
"delete": {
"summary": "Deletes a rule.",
"operationId": "deleteRule",
"description": "You must have `all` privileges for the appropriate Kibana features, depending on the `consumer` and `rule_type_id` of the rule you're deleting. For example, the **Management** > **Stack Rules** feature, **Analytics** > **Discover** or **Machine Learning** features, **Observability**, or **Security** features. WARNING: After you delete a rule, you cannot recover it.\n",
"tags": [
"alerting"
],
"parameters": [
{
"$ref": "#/components/parameters/kbn_xsrf"
},
{
"$ref": "#/components/parameters/rule_id"
},
{
"$ref": "#/components/parameters/space_id"
}
],
"responses": {
"204": {
"description": "Indicates a successful call."
}
},
"servers": [
{
"url": "https://localhost:5601"
}
]
},
"put": {
"summary": "Updates the attributes for a rule.",
"operationId": "updateRule",
"description": "You must have `all` privileges for the appropriate Kibana features, depending on the `consumer` and `rule_type_id` of the rule you're updating. For example, you must have privileges for the **Management > Stack rules** feature, **Analytics > Discover** and **Machine Learning** features, **Observability** features, or **Security** features. If the rule has actions, you must also have `read` privileges for the **Management > Actions and Connectors** feature. NOTE: This API supports only token-based authentication. When you update a rule, it identifies which roles you have at that point in time. Thereafter, when the rule performs queries, it uses those security privileges. If you have different privileges than the user that created or most recently updated the rule, you might change its behavior. Though some properties are optional, when you update the rule the existing property values are overwritten with default values. Therefore, it is recommended to explicitly set all property values.\n",
"tags": [
"alerting"
],
"parameters": [
{
"$ref": "#/components/parameters/kbn_xsrf"
},
{
"$ref": "#/components/parameters/rule_id"
},
{
"$ref": "#/components/parameters/space_id"
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/update_rule_request"
},
"examples": {
"updateCaseRequest": {
"$ref": "#/components/examples/update_rule_request"
}
}
}
}
},
"responses": {
"200": {
"description": "Indicates a successful call.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/rule_response_properties"
},
"examples": {
"updateRuleResponse": {
"$ref": "#/components/examples/update_rule_response"
}
}
}
}
}
},
"servers": [
{
"url": "https://localhost:5601"
}
]
},
"servers": [
{
"url": "https://localhost:5601"
}
]
},
"/s/{spaceId}/api/alerting/rules/_find": {
"get": {
"summary": "Retrieves information about rules.",
@ -162,201 +287,7 @@
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"actions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"group": {
"type": "string",
"description": "The group name for the actions.",
"example": "default"
},
"id": {
"type": "string",
"description": "The identifier for the connector saved object.",
"example": "9dca3e00-74f5-11ed-9801-35303b735aef"
},
"params": {
"type": "object",
"description": "The parameters for the action, which are sent to the connector.",
"additionalProperties": true
}
}
}
},
"api_key_owner": {
"type": "string",
"nullable": true,
"example": "elastic"
},
"consumer": {
"type": "string",
"description": "The application or feature that owns the rule. For example, `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.",
"example": "alerts"
},
"created_at": {
"type": "string",
"description": "The date and time that the rule as created.",
"format": "date-time",
"example": "2022-12-05T23:36:58.284Z"
},
"created_by": {
"type": "string",
"description": "The identifier for the user that created the rule.",
"nullable": true,
"example": "elastic"
},
"enabled": {
"type": "boolean",
"description": "Indicates whether the rule is currently enabled.",
"example": true
},
"execution_status": {
"type": "object",
"properties": {
"status": {
"type": "string",
"example": "ok"
},
"last_execution_date": {
"type": "string",
"format": "date-time",
"example": "2022-12-06T00:13:43.890Z"
},
"last_duration": {
"type": "integer",
"example": 55
}
}
},
"id": {
"type": "string",
"description": "The identifier for the rule.",
"example": "b530fed0-74f5-11ed-9801-35303b735aef"
},
"last_run": {
"type": "object",
"properties": {
"alerts_count": {
"type": "object",
"properties": {
"new": {
"type": "integer",
"nullable": true
},
"ignored": {
"type": "integer",
"nullable": true
},
"recovered": {
"type": "integer",
"nullable": true
},
"active": {
"type": "integer",
"nullable": true
}
}
},
"outcome_msg": {
"type": "string",
"nullable": true,
"example": null
},
"warning": {
"type": "string",
"nullable": true,
"example": null
},
"outcome": {
"type": "string",
"example": "succeeded"
}
}
},
"muted_alert_ids": {
"type": "array",
"items": {
"type": "string"
}
},
"mute_all": {
"type": "boolean",
"example": false
},
"name": {
"type": "string",
"description": "The name of the rule.",
"example": "cluster_health_rule"
},
"next_run": {
"type": "string",
"format": "date-time",
"nullable": true,
"example": "2022-12-06T00:14:43.818Z"
},
"notify_when": {
"type": "string",
"description": "Indicates how often alerts generate actions.",
"enum": [
"onActionGroupChange",
"onActiveAlert",
"onThrottleInterval"
],
"example": "onActiveAlert"
},
"params": {
"type": "object",
"description": "The parameters for the rule.",
"additionalProperties": true
},
"rule_type_id": {
"type": "string",
"description": "The identifier for the type of rule. For example, `.es-query`, `.index-threshold`, `logs.alert.document.count`, `monitoring_alert_cluster_health`, `siem.thresholdRule`, or `xpack.ml.anomaly_detection_alert`.",
"example": "monitoring_alert_cluster_health"
},
"schedule": {
"type": "object",
"description": "The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.",
"properties": {
"interval": {
"type": "string",
"example": "1m"
}
}
},
"scheduled_task_id": {
"type": "string",
"example": "b530fed0-74f5-11ed-9801-35303b735aef"
},
"tags": {
"type": "array",
"description": "The tags for the rule.",
"items": {
"type": "string"
}
},
"throttle": {
"type": "string",
"description": "The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if `notify_when` is set to `onThrottleInterval`. It is specified in seconds, minutes, hours, or days.",
"nullable": true,
"example": "10m"
},
"updated_at": {
"type": "string",
"description": "The date and time that the rule was updated most recently.",
"example": "2022-12-05T23:36:58.284Z"
},
"updated_by": {
"type": "string",
"description": "The identifier for the user that updated this rule most recently.",
"nullable": true,
"example": "elastic"
}
}
"$ref": "#/components/schemas/rule_response_properties"
}
},
"page": {
@ -405,6 +336,16 @@
}
},
"parameters": {
"rule_id": {
"in": "path",
"name": "ruleId",
"description": "An identifier for the rule.",
"required": true,
"schema": {
"type": "string",
"example": "ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74"
}
},
"space_id": {
"in": "path",
"name": "spaceId",
@ -414,9 +355,457 @@
"type": "string",
"example": "default"
}
},
"kbn_xsrf": {
"schema": {
"type": "string"
},
"in": "header",
"name": "kbn-xsrf",
"required": true
}
},
"schemas": {
"actions": {
"type": "array",
"default": [],
"required": [
"group",
"id",
"params"
],
"nullable": true,
"items": {
"type": "object",
"properties": {
"group": {
"type": "string",
"description": "The group name for the actions. If you don't need to group actions, set to `default`.",
"example": "default"
},
"id": {
"type": "string",
"description": "The identifier for the connector saved object.",
"example": "9dca3e00-74f5-11ed-9801-35303b735aef"
},
"params": {
"type": "object",
"description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.",
"additionalProperties": true
}
}
}
},
"notify_when": {
"type": "string",
"description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met.\n",
"enum": [
"onActionGroupChange",
"onActiveAlert",
"onThrottleInterval"
],
"example": "onActiveAlert"
},
"schedule": {
"type": "object",
"description": "The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.",
"properties": {
"interval": {
"type": "string",
"example": "1m"
}
}
},
"tags": {
"type": "array",
"description": "The tags for the rule.",
"items": {
"type": "string"
},
"default": []
},
"throttle": {
"type": "string",
"description": "The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if `notify_when` is set to `onThrottleInterval`. It is specified in seconds, minutes, hours, or days.",
"nullable": true,
"default": null,
"example": "10m"
},
"rule_response_properties": {
"title": "Rule response properties",
"type": "object",
"required": [
"actions",
"api_key_owner",
"consumer",
"created_at",
"created_by",
"enabled",
"execution_status",
"id",
"mute_all",
"muted_alert_ids",
"name",
"notify_when",
"params",
"rule_type_id",
"schedule",
"tags",
"throttle",
"updated_at",
"updated_by"
],
"properties": {
"actions": {
"$ref": "#/components/schemas/actions"
},
"api_key_owner": {
"type": "string",
"nullable": true,
"example": "elastic"
},
"consumer": {
"type": "string",
"description": "The application or feature that owns the rule. For example, `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.",
"example": "alerts"
},
"created_at": {
"type": "string",
"description": "The date and time that the rule was created.",
"format": "date-time",
"example": "2022-12-05T23:36:58.284Z"
},
"created_by": {
"type": "string",
"description": "The identifier for the user that created the rule.",
"nullable": true,
"example": "elastic"
},
"enabled": {
"type": "boolean",
"description": "Indicates whether the rule is currently enabled.",
"example": true
},
"execution_status": {
"type": "object",
"properties": {
"last_duration": {
"type": "integer",
"example": 55
},
"last_execution_date": {
"type": "string",
"format": "date-time",
"example": "2022-12-06T00:13:43.890Z"
},
"status": {
"type": "string",
"example": "ok"
}
}
},
"id": {
"type": "string",
"description": "The identifier for the rule.",
"example": "b530fed0-74f5-11ed-9801-35303b735aef"
},
"last_run": {
"type": "object",
"properties": {
"alerts_count": {
"type": "object",
"properties": {
"active": {
"type": "integer"
},
"ignored": {
"type": "integer"
},
"new": {
"type": "integer"
},
"recovered": {
"type": "integer"
}
}
},
"outcome": {
"type": "string",
"example": "succeeded"
},
"outcome_msg": {
"type": "string",
"nullable": true,
"example": null
},
"warning": {
"type": "string",
"nullable": true,
"example": null
}
}
},
"muted_alert_ids": {
"type": "array",
"nullable": true,
"items": {
"type": "string"
}
},
"mute_all": {
"type": "boolean",
"example": false
},
"name": {
"type": "string",
"description": "The name of the rule.",
"example": "cluster_health_rule"
},
"next_run": {
"type": "string",
"format": "date-time",
"nullable": true,
"example": "2022-12-06T00:14:43.818Z"
},
"notify_when": {
"$ref": "#/components/schemas/notify_when"
},
"params": {
"type": "object",
"description": "The parameters for the rule.",
"additionalProperties": true
},
"rule_type_id": {
"type": "string",
"description": "The identifier for the type of rule. For example, `.es-query`, `.index-threshold`, `logs.alert.document.count`, `monitoring_alert_cluster_health`, `siem.thresholdRule`, or `xpack.ml.anomaly_detection_alert`.\n",
"example": "monitoring_alert_cluster_health"
},
"schedule": {
"$ref": "#/components/schemas/schedule"
},
"scheduled_task_id": {
"type": "string",
"example": "b530fed0-74f5-11ed-9801-35303b735aef"
},
"tags": {
"$ref": "#/components/schemas/tags"
},
"throttle": {
"$ref": "#/components/schemas/throttle"
},
"updated_at": {
"type": "string",
"description": "The date and time that the rule was updated most recently.",
"example": "2022-12-05T23:36:58.284Z"
},
"updated_by": {
"type": "string",
"description": "The identifier for the user that updated this rule most recently.",
"nullable": true,
"example": "elastic"
}
}
},
"update_rule_request": {
"title": "Update rule request",
"description": "The update rule API request body varies depending on the type of rule and actions.",
"type": "object",
"required": [
"name",
"notify_when",
"params",
"schedule"
],
"properties": {
"actions": {
"$ref": "#/components/schemas/actions"
},
"name": {
"type": "string",
"description": "The name of the rule.",
"example": "cluster_health_rule"
},
"notify_when": {
"$ref": "#/components/schemas/notify_when"
},
"params": {
"type": "object",
"description": "The parameters for the rule.",
"additionalProperties": true
},
"schedule": {
"$ref": "#/components/schemas/schedule"
},
"tags": {
"$ref": "#/components/schemas/tags"
},
"throttle": {
"$ref": "#/components/schemas/throttle"
}
}
}
},
"examples": {
"get_rule_response": {
"summary": "The get rule API returns a JSON object that contains details about the rule.",
"value": {
"id": "31697a40-7b36-11ed-aa79-f742c05329b2",
"consumer": "alerts",
"tags": [
"cpu"
],
"name": "my alert",
"enabled": true,
"throttle": null,
"schedule": {
"interval": "1m"
},
"params": {
"aggType": "avg",
"termSize": 6,
"thresholdComparator": ">",
"timeWindowSize": 5,
"timeWindowUnit": "m",
"groupBy": "top",
"threshold": [
1000
],
"index": [
"test-index"
],
"timeField": "@timestamp",
"aggField": "sheet.version",
"termField": "name.keyword"
},
"rule_type_id": ".index-threshold",
"created_by": "elastic",
"updated_by": "elastic",
"created_at": "2022-12-13T22:33:41.163Z",
"updated_at": "2022-12-13T22:33:41.163Z",
"api_key_owner": "elastic",
"notify_when": "onActionGroupChange",
"muted_alert_ids": [],
"mute_all": false,
"scheduled_task_id": "31697a40-7b36-11ed-aa79-f742c05329b2",
"execution_status": {
"status": "ok",
"last_execution_date": "2022-12-13T22:33:44.388Z",
"last_duration": 83
},
"actions": [
{
"group": "threshold met",
"id": "1007a0c0-7a6e-11ed-89d5-abec321c0def",
"params": {
"level": "info",
"message": "alert {{alertName}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}\n- Timestamp: {{context.date}",
"connector_type_id": ".server-log"
}
}
],
"last_run": {
"alerts_count": {
"new": 0,
"ignored": 0,
"recovered": 0,
"active": 0
},
"outcome_msg": null,
"warning": null,
"outcome": "succeeded"
},
"next_run": "2022-12-13T22:34:44.314Z"
}
},
"update_rule_request": {
"summary": "Update an index threshold rule.",
"value": {
"notify_when": "onActionGroupChange",
"params": {
"index": [
".test-index"
],
"timeField": "@timestamp",
"groupBy": "top",
"aggType": "avg",
"timeWindowSize": 5,
"timeWindowUnit": "m",
"thresholdComparator": ">",
"threshold": [
1000
],
"aggField": "sheet.version",
"termField": "name.keyword",
"termSize": 6
},
"schedule": {
"interval": "1m"
},
"actions": [],
"tags": [],
"name": "new name",
"throttle": null
}
},
"update_rule_response": {
"summary": "The update rule API returns a JSON object that contains details about the rule.",
"value": {
"id": "ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74",
"consumer": "alerts",
"tags": [],
"name": "new name",
"enabled": true,
"throttle": null,
"schedule": {
"interval": "1m"
},
"params": {
"index": [
".updated-index"
],
"timeField": "@timestamp",
"groupBy": "top",
"aggType": "avg",
"timeWindowSize": 5,
"timeWindowUnit": "m",
"thresholdComparator": ">",
"threshold": [
1000
],
"aggField": "sheet.version",
"termField": "name.keyword",
"termSize": 6
},
"api_key_owner": "elastic",
"created_by": "elastic",
"updated_by": "elastic",
"rule_type_id": ".index-threshold",
"scheduled_task_id": "4c5eda00-e74f-11ec-b72f-5b18752ff9ea",
"created_at": "2022-12-12T22:43:20.578Z",
"updated_at": "2022-12-12T22:44:21.783Z",
"notify_when": "onActionGroupChange",
"mute_all": false,
"muted_alert_ids": [],
"execution_status": {
"status": "ok",
"last_execution_date": "2022-12-12T22:43:21.723Z",
"last_duration": 125
},
"actions": [],
"last_run": {
"alerts_count": {
"new": 0,
"ignored": 0,
"recovered": 0,
"active": 0
},
"outcome_msg": null,
"warning": null,
"outcome": "succeeded"
},
"next_run": "2022-12-12T22:44:21.653Z"
}
},
"find_rules_response": {
"summary": "Retrieve information about a rule.",
"value": {
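Review bot: In the `actions` component schema, the `"required": ["group", "id", "params"]` list sits directly under `"type": "array"`, where JSON Schema and OpenAPI validators ignore it (it only constrains object instances), so an action entry missing `group`, `id` or `params` still validates against both `update_rule_request` and `rule_response_properties`. Move that list inside `items`, next to its `"properties"` block, so the per-action fields are actually enforced. The same placement appears in the YAML source's `actions` schema (`required:` directly under `type: array`), whose hunk runs past the end of this view. Two smaller points in this file: the `get_rule_response` example's `message` ends with `{{context.date}` (unbalanced Mustache; the asciidoc example has `{{context.date}}`), and the `kbn_xsrf` header parameter has no `description` — `"description": "Cross-site request forgery protection"` would tell readers why the header is listed on the `put` and `delete` operations but not on `get`. The example keys `updateCaseRequest` (on the update request body) and `updateRuleResponse` (on getRule's 200 response) read as copy-paste leftovers; `updateRuleRequest` and `getRuleResponse` would match their operationIds.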


@ -15,6 +15,77 @@ servers:
- url: http://localhost:5601
description: local
paths:
/s/{spaceId}/api/alerting/rule/{ruleId}:
get:
summary: Retrieve a rule by its identifier.
operationId: getRule
description: |
You must have `read` privileges for the appropriate Kibana features, depending on the `consumer` and `rule_type_id` of the rules you're seeking. For example, the **Management > Stack Rules** feature, **Analytics > Discover** and **Machine Learning** features, **Observability** features, or **Security** features. To get rules associated with the **Stack Monitoring** feature, use the `monitoring_user` built-in role.
tags:
- alerting
parameters:
- $ref: '#/components/parameters/rule_id'
- $ref: '#/components/parameters/space_id'
responses:
'200':
description: Indicates a successful call.
content:
application/json:
schema:
$ref: '#/components/schemas/rule_response_properties'
examples:
updateRuleResponse:
$ref: '#/components/examples/get_rule_response'
delete:
summary: Deletes a rule.
operationId: deleteRule
description: |
You must have `all` privileges for the appropriate Kibana features, depending on the `consumer` and `rule_type_id` of the rule you're deleting. For example, the **Management** > **Stack Rules** feature, **Analytics** > **Discover** or **Machine Learning** features, **Observability**, or **Security** features. WARNING: After you delete a rule, you cannot recover it.
tags:
- alerting
parameters:
- $ref: '#/components/parameters/kbn_xsrf'
- $ref: '#/components/parameters/rule_id'
- $ref: '#/components/parameters/space_id'
responses:
'204':
description: Indicates a successful call.
servers:
- url: https://localhost:5601
put:
summary: Updates the attributes for a rule.
operationId: updateRule
description: |
You must have `all` privileges for the appropriate Kibana features, depending on the `consumer` and `rule_type_id` of the rule you're updating. For example, you must have privileges for the **Management > Stack rules** feature, **Analytics > Discover** and **Machine Learning** features, **Observability** features, or **Security** features. If the rule has actions, you must also have `read` privileges for the **Management > Actions and Connectors** feature. NOTE: This API supports only token-based authentication. When you update a rule, it identifies which roles you have at that point in time. Thereafter, when the rule performs queries, it uses those security privileges. If you have different privileges than the user that created or most recently updated the rule, you might change its behavior. Though some properties are optional, when you update the rule the existing property values are overwritten with default values. Therefore, it is recommended to explicitly set all property values.
tags:
- alerting
parameters:
- $ref: '#/components/parameters/kbn_xsrf'
- $ref: '#/components/parameters/rule_id'
- $ref: '#/components/parameters/space_id'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/update_rule_request'
examples:
updateCaseRequest:
$ref: '#/components/examples/update_rule_request'
responses:
'200':
description: Indicates a successful call.
content:
application/json:
schema:
$ref: '#/components/schemas/rule_response_properties'
examples:
updateRuleResponse:
$ref: '#/components/examples/update_rule_response'
servers:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
/s/{spaceId}/api/alerting/rules/_find:
get:
summary: Retrieves information about rules.
@ -110,154 +181,7 @@ paths:
data:
type: array
items:
type: object
properties:
actions:
type: array
items:
type: object
properties:
group:
type: string
description: The group name for the actions.
example: default
id:
type: string
description: The identifier for the connector saved object.
example: 9dca3e00-74f5-11ed-9801-35303b735aef
params:
type: object
description: The parameters for the action, which are sent to the connector.
additionalProperties: true
api_key_owner:
type: string
nullable: true
example: elastic
consumer:
type: string
description: The application or feature that owns the rule. For example, `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
example: alerts
created_at:
type: string
description: The date and time that the rule as created.
format: date-time
example: '2022-12-05T23:36:58.284Z'
created_by:
type: string
description: The identifier for the user that created the rule.
nullable: true
example: elastic
enabled:
type: boolean
description: Indicates whether the rule is currently enabled.
example: true
execution_status:
type: object
properties:
status:
type: string
example: ok
last_execution_date:
type: string
format: date-time
example: '2022-12-06T00:13:43.890Z'
last_duration:
type: integer
example: 55
id:
type: string
description: The identifier for the rule.
example: b530fed0-74f5-11ed-9801-35303b735aef
last_run:
type: object
properties:
alerts_count:
type: object
properties:
new:
type: integer
nullable: true
ignored:
type: integer
nullable: true
recovered:
type: integer
nullable: true
active:
type: integer
nullable: true
outcome_msg:
type: string
nullable: true
example: null
warning:
type: string
nullable: true
example: null
outcome:
type: string
example: succeeded
muted_alert_ids:
type: array
items:
type: string
mute_all:
type: boolean
example: false
name:
type: string
description: The name of the rule.
example: cluster_health_rule
next_run:
type: string
format: date-time
nullable: true
example: '2022-12-06T00:14:43.818Z'
notify_when:
type: string
description: Indicates how often alerts generate actions.
enum:
- onActionGroupChange
- onActiveAlert
- onThrottleInterval
example: onActiveAlert
params:
type: object
description: The parameters for the rule.
additionalProperties: true
rule_type_id:
type: string
description: The identifier for the type of rule. For example, `.es-query`, `.index-threshold`, `logs.alert.document.count`, `monitoring_alert_cluster_health`, `siem.thresholdRule`, or `xpack.ml.anomaly_detection_alert`.
example: monitoring_alert_cluster_health
schedule:
type: object
description: The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.
properties:
interval:
type: string
example: 1m
scheduled_task_id:
type: string
example: b530fed0-74f5-11ed-9801-35303b735aef
tags:
type: array
description: The tags for the rule.
items:
type: string
throttle:
type: string
description: The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if `notify_when` is set to `onThrottleInterval`. It is specified in seconds, minutes, hours, or days.
nullable: true
example: 10m
updated_at:
type: string
description: The date and time that the rule was updated most recently.
example: '2022-12-05T23:36:58.284Z'
updated_by:
type: string
description: The identifier for the user that updated this rule most recently.
nullable: true
example: elastic
$ref: '#/components/schemas/rule_response_properties'
page:
type: integer
per_page:
@ -281,6 +205,14 @@ components:
in: header
name: ApiKey
parameters:
rule_id:
in: path
name: ruleId
description: An identifier for the rule.
required: true
schema:
type: string
example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
space_id:
in: path
name: spaceId
@ -289,7 +221,365 @@ components:
schema:
type: string
example: default
kbn_xsrf:
schema:
type: string
in: header
name: kbn-xsrf
required: true
schemas:
actions:
type: array
default: []
required:
- group
- id
- params
nullable: true
items:
type: object
properties:
group:
type: string
description: The group name for the actions. If you don't need to group actions, set to `default`.
example: default
id:
type: string
description: The identifier for the connector saved object.
example: 9dca3e00-74f5-11ed-9801-35303b735aef
params:
type: object
description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
additionalProperties: true
notify_when:
type: string
description: |
Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met.
enum:
- onActionGroupChange
- onActiveAlert
- onThrottleInterval
example: onActiveAlert
schedule:
type: object
description: The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.
properties:
interval:
type: string
example: 1m
tags:
type: array
description: The tags for the rule.
items:
type: string
default: []
throttle:
type: string
description: The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if `notify_when` is set to `onThrottleInterval`. It is specified in seconds, minutes, hours, or days.
nullable: true
default: null
example: 10m
rule_response_properties:
title: Rule response properties
type: object
required:
- actions
- api_key_owner
- consumer
- created_at
- created_by
- enabled
- execution_status
- id
- mute_all
- muted_alert_ids
- name
- notify_when
- params
- rule_type_id
- schedule
- tags
- throttle
- updated_at
- updated_by
properties:
actions:
$ref: '#/components/schemas/actions'
api_key_owner:
type: string
nullable: true
example: elastic
consumer:
type: string
description: The application or feature that owns the rule. For example, `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
example: alerts
created_at:
type: string
description: The date and time that the rule was created.
format: date-time
example: '2022-12-05T23:36:58.284Z'
created_by:
type: string
description: The identifier for the user that created the rule.
nullable: true
example: elastic
enabled:
type: boolean
description: Indicates whether the rule is currently enabled.
example: true
execution_status:
type: object
properties:
last_duration:
type: integer
example: 55
last_execution_date:
type: string
format: date-time
example: '2022-12-06T00:13:43.890Z'
status:
type: string
example: ok
id:
type: string
description: The identifier for the rule.
example: b530fed0-74f5-11ed-9801-35303b735aef
last_run:
type: object
properties:
alerts_count:
type: object
properties:
active:
type: integer
ignored:
type: integer
new:
type: integer
recovered:
type: integer
outcome:
type: string
example: succeeded
outcome_msg:
type: string
nullable: true
example: null
warning:
type: string
nullable: true
example: null
muted_alert_ids:
type: array
nullable: true
items:
type: string
mute_all:
type: boolean
example: false
name:
type: string
description: The name of the rule.
example: cluster_health_rule
next_run:
type: string
format: date-time
nullable: true
example: '2022-12-06T00:14:43.818Z'
notify_when:
$ref: '#/components/schemas/notify_when'
params:
type: object
description: The parameters for the rule.
additionalProperties: true
rule_type_id:
type: string
description: |
The identifier for the type of rule. For example, `.es-query`, `.index-threshold`, `logs.alert.document.count`, `monitoring_alert_cluster_health`, `siem.thresholdRule`, or `xpack.ml.anomaly_detection_alert`.
example: monitoring_alert_cluster_health
schedule:
$ref: '#/components/schemas/schedule'
scheduled_task_id:
type: string
example: b530fed0-74f5-11ed-9801-35303b735aef
tags:
$ref: '#/components/schemas/tags'
throttle:
$ref: '#/components/schemas/throttle'
updated_at:
type: string
description: The date and time that the rule was updated most recently.
example: '2022-12-05T23:36:58.284Z'
updated_by:
type: string
description: The identifier for the user that updated this rule most recently.
nullable: true
example: elastic
update_rule_request:
title: Update rule request
description: The update rule API request body varies depending on the type of rule and actions.
type: object
required:
- name
- notify_when
- params
- schedule
properties:
actions:
$ref: '#/components/schemas/actions'
name:
type: string
description: The name of the rule.
example: cluster_health_rule
notify_when:
$ref: '#/components/schemas/notify_when'
params:
type: object
description: The parameters for the rule.
additionalProperties: true
schedule:
$ref: '#/components/schemas/schedule'
tags:
$ref: '#/components/schemas/tags'
throttle:
$ref: '#/components/schemas/throttle'
examples:
get_rule_response:
summary: The get rule API returns a JSON object that contains details about the rule.
value:
id: 31697a40-7b36-11ed-aa79-f742c05329b2
consumer: alerts
tags:
- cpu
name: my alert
enabled: true
throttle: null
schedule:
interval: 1m
params:
aggType: avg
termSize: 6
thresholdComparator: '>'
timeWindowSize: 5
timeWindowUnit: m
groupBy: top
threshold:
- 1000
index:
- test-index
timeField: '@timestamp'
aggField: sheet.version
termField: name.keyword
rule_type_id: .index-threshold
created_by: elastic
updated_by: elastic
created_at: '2022-12-13T22:33:41.163Z'
updated_at: '2022-12-13T22:33:41.163Z'
api_key_owner: elastic
notify_when: onActionGroupChange
muted_alert_ids: []
mute_all: false
scheduled_task_id: 31697a40-7b36-11ed-aa79-f742c05329b2
execution_status:
status: ok
last_execution_date: '2022-12-13T22:33:44.388Z'
last_duration: 83
actions:
- group: threshold met
id: 1007a0c0-7a6e-11ed-89d5-abec321c0def
params:
level: info
message: |-
alert {{alertName}} is active for group {{context.group}}:
- Value: {{context.value}}
- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}
- Timestamp: {{context.date}
connector_type_id: .server-log
last_run:
alerts_count:
new: 0
ignored: 0
recovered: 0
active: 0
outcome_msg: null
warning: null
outcome: succeeded
next_run: '2022-12-13T22:34:44.314Z'
update_rule_request:
summary: Update an index threshold rule.
value:
notify_when: onActionGroupChange
params:
index:
- .test-index
timeField: '@timestamp'
groupBy: top
aggType: avg
timeWindowSize: 5
timeWindowUnit: m
thresholdComparator: '>'
threshold:
- 1000
aggField: sheet.version
termField: name.keyword
termSize: 6
schedule:
interval: 1m
actions: []
tags: []
name: new name
throttle: null
update_rule_response:
summary: The update rule API returns a JSON object that contains details about the rule.
value:
id: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
consumer: alerts
tags: []
name: new name
enabled: true
throttle: null
schedule:
interval: 1m
params:
index:
- .updated-index
timeField: '@timestamp'
groupBy: top
aggType: avg
timeWindowSize: 5
timeWindowUnit: m
thresholdComparator: '>'
threshold:
- 1000
aggField: sheet.version
termField: name.keyword
termSize: 6
api_key_owner: elastic
created_by: elastic
updated_by: elastic
rule_type_id: .index-threshold
scheduled_task_id: 4c5eda00-e74f-11ec-b72f-5b18752ff9ea
created_at: '2022-12-12T22:43:20.578Z'
updated_at: '2022-12-12T22:44:21.783Z'
notify_when: onActionGroupChange
mute_all: false
muted_alert_ids: []
execution_status:
status: ok
last_execution_date: '2022-12-12T22:43:21.723Z'
last_duration: 125
actions: []
last_run:
alerts_count:
new: 0
ignored: 0
recovered: 0
active: 0
outcome_msg: null
warning: null
outcome: succeeded
next_run: '2022-12-12T22:44:21.653Z'
find_rules_response:
summary: Retrieve information about a rule.
value:


@ -0,0 +1,56 @@
summary: The get rule API returns a JSON object that contains details about the rule.
value:
id: 31697a40-7b36-11ed-aa79-f742c05329b2
consumer: alerts
tags:
- cpu
name: my alert
enabled: true
throttle: null
schedule:
interval: 1m
params:
aggType: avg
termSize: 6
thresholdComparator: ">"
timeWindowSize: 5
timeWindowUnit: m
groupBy: top
threshold:
- 1000
index:
- test-index
timeField: "@timestamp"
aggField: sheet.version
termField: name.keyword
rule_type_id: .index-threshold
created_by: elastic
updated_by: elastic
created_at: '2022-12-13T22:33:41.163Z'
updated_at: '2022-12-13T22:33:41.163Z'
api_key_owner: elastic
notify_when: onActionGroupChange
muted_alert_ids: []
mute_all: false
scheduled_task_id: 31697a40-7b36-11ed-aa79-f742c05329b2
execution_status:
status: ok
last_execution_date: '2022-12-13T22:33:44.388Z'
last_duration: 83
actions:
- group: threshold met
id: 1007a0c0-7a6e-11ed-89d5-abec321c0def
params:
level: info
message: "alert {{alertName}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}\n- Timestamp: {{context.date}"
connector_type_id: .server-log
last_run:
alerts_count:
new: 0
ignored: 0
recovered: 0
active: 0
outcome_msg: null
warning: null
outcome: succeeded
next_run: '2022-12-13T22:34:44.314Z'
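Review bot: The `message` example under `actions[0].params` ends with `{{context.date}` — a single closing brace — so the last Mustache placeholder is unterminated and anyone copying this example into a rule gets a malformed template; it should read `{{context.date}}`. The bundled copy of this example earlier in the commit (the `- Timestamp: {{context.date}` line of the first file) has the same truncation. Writing the message as `message: |-` with one bullet per line, as the bundled file does, would also make such template typos easier to spot than the escaped `\n` form used here.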


@ -0,0 +1,21 @@
summary: Update an index threshold rule.
value:
notify_when: onActionGroupChange
params:
index: [".test-index"]
timeField: "@timestamp"
groupBy: top
aggType: avg
timeWindowSize: 5
timeWindowUnit: m
thresholdComparator: ">"
threshold: [1000]
aggField : sheet.version
termField: name.keyword
termSize: 6
schedule:
interval: 1m
actions: []
tags: []
name: new name
throttle: null
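Review bot: `aggField : sheet.version` has a stray space before the colon; YAML still resolves the key as `aggField`, but yamllint's `colons` rule rejects it and it reads as a different key at a glance, so write `aggField: sheet.version` (the bundled copy of this example already has it normalized). The params also mix quoting styles — `">"` and `"@timestamp"` here versus `'>'` and `'@timestamp'` in the bundled example — so picking single quotes throughout keeps the two copies byte-identical.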


@ -0,0 +1,47 @@
summary: The update rule API returns a JSON object that contains details about the rule.
value:
id: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
consumer: alerts
tags: []
name: new name
enabled: true
throttle: null
schedule:
interval: 1m
params:
index: [".updated-index"]
timeField: "@timestamp"
groupBy: top
aggType: "avg"
timeWindowSize: 5
timeWindowUnit: m
thresholdComparator: ">"
threshold: [1000]
aggField: sheet.version
termField: name.keyword
termSize: 6
api_key_owner: elastic
created_by: elastic
updated_by: elastic
rule_type_id: .index-threshold
scheduled_task_id: 4c5eda00-e74f-11ec-b72f-5b18752ff9ea
created_at: '2022-12-12T22:43:20.578Z'
updated_at: '2022-12-12T22:44:21.783Z'
notify_when: onActionGroupChange
mute_all: false
muted_alert_ids: []
execution_status:
status: ok
last_execution_date: '2022-12-12T22:43:21.723Z'
last_duration: 125
actions: []
last_run:
alerts_count:
new: 0
ignored: 0
recovered: 0
active: 0
outcome_msg: null
warning: null
outcome: succeeded
next_run: '2022-12-12T22:44:21.653Z'
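Review bot: `aggType: "avg"` is the only quoted bare word among the `params` in this example; the request example in this commit and the get-rule example leave it plain, so drop the quotes for consistency, `aggType: avg`. The timestamp values are correctly single-quoted so they stay strings rather than being parsed as YAML timestamps; nothing else in the example needs quoting.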


@ -0,0 +1,7 @@
in: path
name: ruleId
description: An identifier for the rule.
required: true
schema:
type: string
example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74


@ -0,0 +1,22 @@
type: array
default: []
required:
- group
- id
- params
nullable: true
items:
type: object
properties:
group:
type: string
description: The group name for the actions. If you don't need to group actions, set to `default`.
example: default
id:
type: string
description: The identifier for the connector saved object.
example: 9dca3e00-74f5-11ed-9801-35303b735aef
params:
type: object
description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
additionalProperties: true
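Review bot: `required:` is placed on the array schema rather than on `items`, where JSON Schema and OpenAPI evaluate it, so `group`, `id` and `params` are not actually enforced as required on each action and validators will silently ignore the list; it belongs under `items:` next to `type: object`. The bundled copy of this schema in the first file of the commit carries the same misplacement.
```yaml
type: array
default: []
nullable: true
items:
  type: object
  required:
    - group
    - id
    - params
  properties:
    # … unchanged: group, id, params …
```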


@ -0,0 +1,8 @@
type: string
description: >
Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met.
enum:
- onActionGroupChange
- onActiveAlert
- onThrottleInterval
example: onActiveAlert
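Review bot: `description: >` keeps a trailing newline in the folded text, whereas `update_rule_request.yaml` in the same commit uses `>-`; using `>-` here (and for the `rule_type_id` description in `rule_response_properties.yaml`) keeps the rendered descriptions free of a dangling blank line and consistent across the component files. The single very long folded line could also be wrapped at a fixed width inside the block scalar without changing the resulting value.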


@ -0,0 +1,135 @@
title: Rule response properties
type: object
required:
- actions
- api_key_owner
- consumer
- created_at
- created_by
- enabled
- execution_status
- id
- mute_all
- muted_alert_ids
- name
- notify_when
- params
- rule_type_id
- schedule
- tags
- throttle
- updated_at
- updated_by
properties:
actions:
$ref: 'actions.yaml'
api_key_owner:
type: string
nullable: true
example: elastic
consumer:
type: string
description: The application or feature that owns the rule. For example, `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
example: alerts
created_at:
type: string
description: The date and time that the rule was created.
format: date-time
example: '2022-12-05T23:36:58.284Z'
created_by:
type: string
description: The identifier for the user that created the rule.
nullable: true
example: elastic
enabled:
type: boolean
description: Indicates whether the rule is currently enabled.
example: true
execution_status:
type: object
properties:
last_duration:
type: integer
example: 55
last_execution_date:
type: string
format: date-time
example: '2022-12-06T00:13:43.890Z'
status:
type: string
example: ok
id:
type: string
description: The identifier for the rule.
example: b530fed0-74f5-11ed-9801-35303b735aef
last_run:
type: object
properties:
alerts_count:
type: object
properties:
active:
type: integer
ignored:
type: integer
new:
type: integer
recovered:
type: integer
outcome:
type: string
example: succeeded
outcome_msg:
type: string
nullable: true
example: null
warning:
type: string
nullable: true
example: null
muted_alert_ids:
type: array
nullable: true
items:
type: string
mute_all:
type: boolean
example: false
name:
type: string
description: The name of the rule.
example: cluster_health_rule
next_run:
type: string
format: date-time
nullable: true
example: '2022-12-06T00:14:43.818Z'
notify_when:
$ref: 'notify_when.yaml'
params:
type: object
description: The parameters for the rule.
additionalProperties: true
rule_type_id:
type: string
description: >
The identifier for the type of rule. For example, `.es-query`, `.index-threshold`, `logs.alert.document.count`, `monitoring_alert_cluster_health`, `siem.thresholdRule`, or `xpack.ml.anomaly_detection_alert`.
example: monitoring_alert_cluster_health
schedule:
$ref: 'schedule.yaml'
scheduled_task_id:
type: string
example: b530fed0-74f5-11ed-9801-35303b735aef
tags:
$ref: 'tags.yaml'
throttle:
$ref: 'throttle.yaml'
updated_at:
type: string
description: The date and time that the rule was updated most recently.
example: '2022-12-05T23:36:58.284Z'
updated_by:
type: string
description: The identifier for the user that updated this rule most recently.
nullable: true
example: elastic
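Review bot: `updated_at` lacks `format: date-time` while `created_at`, `next_run` and `last_execution_date` in the same schema carry it; add `format: date-time` under `updated_at` (the bundled copy of this schema has the same omission). This consolidated schema also drops the `nullable: true` that the inline find-rules schema it replaces had on the `alerts_count` integers (`new`, `ignored`, `recovered`, `active`), so a `null` count would now fail validation — worth confirming against real responses before relying on the stricter shape. `api_key_owner` has no description although it is the only hint in the response of whose credentials the rule runs under; presumably it is the owner of the API key associated with the rule, per the privilege note on the put operation, so a line such as `description: The owner of the API key that is associated with the rule.` would help once confirmed.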


@ -0,0 +1,6 @@
type: object
description: The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.
properties:
interval:
type: string
example: 1m
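Review bot: `interval` is the only property of the schedule object and every example supplies it, but the schema does not declare it required, so a body with `schedule: {}` validates even though `update_rule_request.yaml` marks `schedule` itself as required; add `required:` with `- interval` after `type: object`. The property also has no description of its own — the unit wording lives only on the parent object — so a short `description: The interval, with a unit suffix such as s, m, h, or d.` on `interval` would help, with the accepted suffixes to be confirmed against what the API actually parses.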


@ -0,0 +1,5 @@
type: array
description: The tags for the rule.
items:
type: string
default: []


@ -0,0 +1,5 @@
type: string
description: The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if `notify_when` is set to `onThrottleInterval`. It is specified in seconds, minutes, hours, or days.
nullable: true
default: null
example: 10m


@ -0,0 +1,28 @@
title: Update rule request
description: >-
The update rule API request body varies depending on the type of rule and actions.
type: object
required:
- name
- notify_when
- params
- schedule
properties:
actions:
$ref: 'actions.yaml'
name:
type: string
description: The name of the rule.
example: cluster_health_rule
notify_when:
$ref: 'notify_when.yaml'
params:
type: object
description: The parameters for the rule.
additionalProperties: true
schedule:
$ref: 'schedule.yaml'
tags:
$ref: 'tags.yaml'
throttle:
$ref: 'throttle.yaml'


@ -15,8 +15,8 @@ servers:
- url: 'http://localhost:5601'
description: local
paths:
# '/s/{spaceId}/api/alerting/rule/{ruleId}':
# $ref: 'paths/s@{spaceid}@api@alerting@rule@{ruleid}.yaml'
'/s/{spaceId}/api/alerting/rule/{ruleId}':
$ref: 'paths/s@{spaceid}@api@alerting@rule@{ruleid}.yaml'
# '/s/{spaceId}/api/alerting/rule/{ruleId}/_disable':
# $ref: 'paths/s@{spaceid}@api@alerting@rule@{ruleid}@_disable.yaml'
# '/s/{spaceId}/api/alerting/rule/{ruleId}/_enable':


@ -0,0 +1,94 @@
get:
summary: Retrieve a rule by its identifier.
operationId: getRule
description: >
You must have `read` privileges for the appropriate Kibana features,
depending on the `consumer` and `rule_type_id` of the rules you're seeking.
For example, the **Management > Stack Rules** feature,
**Analytics > Discover** and **Machine Learning** features, **Observability**
features, or **Security** features. To get rules associated with the
**Stack Monitoring** feature, use the `monitoring_user` built-in role.
tags:
- alerting
parameters:
- $ref: '../components/parameters/rule_id.yaml'
- $ref: '../components/parameters/space_id.yaml'
responses:
'200':
description: Indicates a successful call.
content:
application/json:
schema:
$ref: '../components/schemas/rule_response_properties.yaml'
examples:
updateRuleResponse:
$ref: '../components/examples/get_rule_response.yaml'
delete:
summary: Deletes a rule.
operationId: deleteRule
description: >
You must have `all` privileges for the appropriate Kibana features, depending
on the `consumer` and `rule_type_id` of the rule you're deleting. For example,
the **Management** > **Stack Rules** feature, **Analytics** > **Discover** or
**Machine Learning** features, **Observability**, or **Security** features.
WARNING: After you delete a rule, you cannot recover it.
tags:
- alerting
parameters:
- $ref: ../components/headers/kbn_xsrf.yaml
- $ref: '../components/parameters/rule_id.yaml'
- $ref: '../components/parameters/space_id.yaml'
responses:
'204':
description: Indicates a successful call.
servers:
- url: https://localhost:5601
put:
summary: Updates the attributes for a rule.
operationId: updateRule
description: >
You must have `all` privileges for the appropriate Kibana features,
depending on the `consumer` and `rule_type_id` of the rule you're updating.
For example, you must have privileges for the **Management > Stack rules**
feature, **Analytics > Discover** and **Machine Learning** features,
**Observability** features, or **Security** features. If the rule has
actions, you must also have `read` privileges for the
**Management > Actions and Connectors** feature. NOTE: This API supports
only token-based authentication. When you update a rule, it identifies which
roles you have at that point in time. Thereafter, when the rule performs
queries, it uses those security privileges. If you have different privileges
than the user that created or most recently updated the rule, you might
change its behavior. Though some properties are optional, when you update
the rule the existing property values are overwritten with default values.
Therefore, it is recommended to explicitly set all property values.
tags:
- alerting
parameters:
- $ref: ../components/headers/kbn_xsrf.yaml
- $ref: '../components/parameters/rule_id.yaml'
- $ref: '../components/parameters/space_id.yaml'
requestBody:
required: true
content:
application/json:
schema:
$ref: '../components/schemas/update_rule_request.yaml'
examples:
updateCaseRequest:
$ref: '../components/examples/update_rule_request.yaml'
responses:
'200':
description: Indicates a successful call.
content:
application/json:
schema:
$ref: '../components/schemas/rule_response_properties.yaml'
examples:
updateRuleResponse:
$ref: '../components/examples/update_rule_response.yaml'
servers:
- url: https://localhost:5601
servers:
- url: https://localhost:5601
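Review bot: The example keys under the `get` and `put` operations are mislabeled: the `get` response example is named `updateRuleResponse` although it references `get_rule_response.yaml`, and the `put` request example is named `updateCaseRequest`, which looks copied from the cases API; rename them to `getRuleResponse:` and `updateRuleRequest:`. The keys are only labels, but tools that list examples by name will attribute them to the wrong operation. Separately, the two `$ref: ../components/headers/kbn_xsrf.yaml` lines are the only unquoted refs in the file; quoting them like their siblings keeps the style uniform.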


@ -103,154 +103,7 @@ get:
data:
type: array
items:
type: object
properties:
actions:
type: array
items:
type: object
properties:
group:
type: string
description: The group name for the actions.
example: default
id:
type: string
description: The identifier for the connector saved object.
example: 9dca3e00-74f5-11ed-9801-35303b735aef
params:
type: object
description: The parameters for the action, which are sent to the connector.
additionalProperties: true
api_key_owner:
type: string
nullable: true
example: elastic
consumer:
type: string
description: The application or feature that owns the rule. For example, `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
example: alerts
created_at:
type: string
description: The date and time that the rule as created.
format: date-time
example: '2022-12-05T23:36:58.284Z'
created_by:
type: string
description: The identifier for the user that created the rule.
nullable: true
example: elastic
enabled:
type: boolean
description: Indicates whether the rule is currently enabled.
example: true
execution_status:
type: object
properties:
status:
type: string
example: ok
last_execution_date:
type: string
format: date-time
example: '2022-12-06T00:13:43.890Z'
last_duration:
type: integer
example: 55
id:
type: string
description: The identifier for the rule.
example: b530fed0-74f5-11ed-9801-35303b735aef
last_run:
type: object
properties:
alerts_count:
type: object
properties:
new:
type: integer
nullable: true
ignored:
type: integer
nullable: true
recovered:
type: integer
nullable: true
active:
type: integer
nullable: true
outcome_msg:
type: string
nullable: true
example: null
warning:
type: string
nullable: true
example: null
outcome:
type: string
example: succeeded
muted_alert_ids:
type: array
items:
type: string
mute_all:
type: boolean
example: false
name:
type: string
description: The name of the rule.
example: cluster_health_rule
next_run:
type: string
format: date-time
nullable: true
example: '2022-12-06T00:14:43.818Z'
notify_when:
type: string
description: Indicates how often alerts generate actions.
enum:
- onActionGroupChange
- onActiveAlert
- onThrottleInterval
example: onActiveAlert
params:
type: object
description: The parameters for the rule.
additionalProperties: true
rule_type_id:
type: string
description: The identifier for the type of rule. For example, `.es-query`, `.index-threshold`, `logs.alert.document.count`, `monitoring_alert_cluster_health`, `siem.thresholdRule`, or `xpack.ml.anomaly_detection_alert`.
example: monitoring_alert_cluster_health
schedule:
type: object
description: The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.
properties:
interval:
type: string
example: 1m
scheduled_task_id:
type: string
example: b530fed0-74f5-11ed-9801-35303b735aef
tags:
type: array
description: The tags for the rule.
items:
type: string
throttle:
type: string
description: The throttle interval, which defines how often an alert generates repeated actions. It is applicable only if `notify_when` is set to `onThrottleInterval`. It is specified in seconds, minutes, hours, or days.
nullable: true
example: 10m
updated_at:
type: string
description: The date and time that the rule was updated most recently.
example: '2022-12-05T23:36:58.284Z'
updated_by:
type: string
description: The identifier for the user that updated this rule most recently.
nullable: true
example: elastic
$ref: '../components/schemas/rule_response_properties.yaml'
page:
type: integer
per_page: