mirror of
https://github.com/elastic/kibana.git
synced 2025-04-25 02:09:32 -04:00
4842 lines
383 KiB
Text
4842 lines
383 KiB
Text
////
|
|
This content is generated from the open API specification.
|
|
Any modifications made to this file will be overwritten.
|
|
////
|
|
|
|
++++
|
|
<div class="openapi">
|
|
<h2>Access</h2>
|
|
<ol>
|
|
<li>APIKey KeyParamName:ApiKey KeyInQuery:false KeyInHeader:true</li>
|
|
<li>HTTP Basic Authentication</li>
|
|
</ol>
|
|
|
|
<h2><a name="__Methods">Methods</a></h2>
|
|
[ Jump to <a href="#__Models">Models</a> ]
|
|
|
|
<h3>Table of Contents </h3>
|
|
<div class="method-summary"></div>
|
|
<h4><a href="#Alerting">Alerting</a></h4>
|
|
<ul>
|
|
<li><a href="#createRule"><code><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule</code></a></li>
|
|
<li><a href="#createRuleId"><code><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></a></li>
|
|
<li><a href="#deleteRule"><code><span class="http-method">delete</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></a></li>
|
|
<li><a href="#disableRule"><code><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/_disable</code></a></li>
|
|
<li><a href="#enableRule"><code><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/_enable</code></a></li>
|
|
<li><a href="#findRules"><code><span class="http-method">get</span> /s/{spaceId}/api/alerting/rules/_find</code></a></li>
|
|
<li><a href="#getAlertingHealth"><code><span class="http-method">get</span> /s/{spaceId}/api/alerting/_health</code></a></li>
|
|
<li><a href="#getRule"><code><span class="http-method">get</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></a></li>
|
|
<li><a href="#getRuleTypes"><code><span class="http-method">get</span> /s/{spaceId}/api/alerting/rule_types</code></a></li>
|
|
<li><a href="#legacyCreateAlert"><code><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}</code></a></li>
|
|
<li><a href="#legacyDisableAlert"><code><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/_disable</code></a></li>
|
|
<li><a href="#legacyEnableAlert"><code><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/_enable</code></a></li>
|
|
<li><a href="#legacyFindAlerts"><code><span class="http-method">get</span> /s/{spaceId}/api/alerts/alerts/_find</code></a></li>
|
|
<li><a href="#legacyGetAlert"><code><span class="http-method">get</span> /s/{spaceId}/api/alerts/alert/{alertId}</code></a></li>
|
|
<li><a href="#legacyGetAlertTypes"><code><span class="http-method">get</span> /s/{spaceId}/api/alerts/alerts/list_alert_types</code></a></li>
|
|
<li><a href="#legacyGetAlertingHealth"><code><span class="http-method">get</span> /s/{spaceId}/api/alerts/alerts/_health</code></a></li>
|
|
<li><a href="#legacyMuteAlertInstance"><code><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute</code></a></li>
|
|
<li><a href="#legacyMuteAllAlertInstances"><code><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/_mute_all</code></a></li>
|
|
<li><a href="#legacyUnmuteAlertInstance"><code><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute</code></a></li>
|
|
<li><a href="#legacyUnmuteAllAlertInstances"><code><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/_unmute_all</code></a></li>
|
|
<li><a href="#legacyUpdateAlert"><code><span class="http-method">put</span> /s/{spaceId}/api/alerts/alert/{alertId}</code></a></li>
|
|
<li><a href="#legaryDeleteAlert"><code><span class="http-method">delete</span> /s/{spaceId}/api/alerts/alert/{alertId}</code></a></li>
|
|
<li><a href="#muteAlert"><code><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/alert/{alertId}/_mute</code></a></li>
|
|
<li><a href="#muteAllAlerts"><code><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/_mute_all</code></a></li>
|
|
<li><a href="#unmuteAlert"><code><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/alert/{alertId}/_unmute</code></a></li>
|
|
<li><a href="#unmuteAllAlerts"><code><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/_unmute_all</code></a></li>
|
|
<li><a href="#updateRule"><code><span class="http-method">put</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></a></li>
|
|
</ul>
|
|
|
|
<h1><a name="Alerting">Alerting</a></h1>
|
|
<div class="method"><a name="createRule"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule</code></pre></div>
|
|
<div class="method-summary">Creates a rule with a randomly generated rule identifier. (<span class="nickname">createRule</span>)</div>
|
|
<div class="method-notes">To create a rule, you must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're creating. For example, you must have privileges for the <strong>Management > Stack rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
<h3 class="field-label">Consumes</h3>
|
|
This API call consumes the following media types via the <span class="header">Content-Type</span> request header:
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Request body</h3>
|
|
<div class="field-items">
|
|
<div class="param">create_rule_request <a href="#create_rule_request">create_rule_request</a> (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Body Parameter</span> — </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#rule_response_properties">rule_response_properties</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"throttle" : "10m",
|
|
"created_at" : "2022-12-05T23:36:58.284Z",
|
|
"api_key_created_by_user" : false,
|
|
"enabled" : true,
|
|
"running" : true,
|
|
"notify_when" : "notify_when",
|
|
"next_run" : "2022-12-06T00:14:43.818Z",
|
|
"updated_at" : "2022-12-05T23:36:58.284Z",
|
|
"execution_status" : {
|
|
"last_execution_date" : "2022-12-06T00:13:43.89Z",
|
|
"last_duration" : 55,
|
|
"status" : "ok"
|
|
},
|
|
"scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"consumer" : "alerts",
|
|
"last_run" : {
|
|
"alerts_count" : {
|
|
"ignored" : 6,
|
|
"new" : 1,
|
|
"recovered" : 5,
|
|
"active" : 0
|
|
},
|
|
"outcome_msg" : [ "outcome_msg", "outcome_msg" ],
|
|
"outcome_order" : 5,
|
|
"warning" : "warning",
|
|
"outcome" : "succeeded"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"created_by" : "elastic",
|
|
"muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
|
|
"rule_type_id" : "monitoring_alert_cluster_health",
|
|
"revision" : 2,
|
|
"tags" : [ "tags", "tags" ],
|
|
"api_key_owner" : "elastic",
|
|
"schedule" : {
|
|
"interval" : "1m"
|
|
},
|
|
"name" : "cluster_health_rule",
|
|
"updated_by" : "elastic",
|
|
"mute_all" : false,
|
|
"actions" : [ {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
}, {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
} ]
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#rule_response_properties">rule_response_properties</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
<h4 class="field-label">404</h4>
|
|
Object is not found.
|
|
<a href="#404_response">404_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="createRuleId"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></pre></div>
|
|
<div class="method-summary">Creates a rule with a specific rule identifier. (<span class="nickname">createRuleId</span>)</div>
|
|
<div class="method-notes">To create a rule, you must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're creating. For example, you must have privileges for the <strong>Management > Stack rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div><div class="param">ruleId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An UUID v1 or v4 identifier for the rule. If you omit this parameter, an identifier is randomly generated. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
<h3 class="field-label">Consumes</h3>
|
|
This API call consumes the following media types via the <span class="header">Content-Type</span> request header:
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Request body</h3>
|
|
<div class="field-items">
|
|
<div class="param">create_rule_request <a href="#create_rule_request">create_rule_request</a> (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Body Parameter</span> — </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#rule_response_properties">rule_response_properties</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"throttle" : "10m",
|
|
"created_at" : "2022-12-05T23:36:58.284Z",
|
|
"api_key_created_by_user" : false,
|
|
"enabled" : true,
|
|
"running" : true,
|
|
"notify_when" : "notify_when",
|
|
"next_run" : "2022-12-06T00:14:43.818Z",
|
|
"updated_at" : "2022-12-05T23:36:58.284Z",
|
|
"execution_status" : {
|
|
"last_execution_date" : "2022-12-06T00:13:43.89Z",
|
|
"last_duration" : 55,
|
|
"status" : "ok"
|
|
},
|
|
"scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"consumer" : "alerts",
|
|
"last_run" : {
|
|
"alerts_count" : {
|
|
"ignored" : 6,
|
|
"new" : 1,
|
|
"recovered" : 5,
|
|
"active" : 0
|
|
},
|
|
"outcome_msg" : [ "outcome_msg", "outcome_msg" ],
|
|
"outcome_order" : 5,
|
|
"warning" : "warning",
|
|
"outcome" : "succeeded"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"created_by" : "elastic",
|
|
"muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
|
|
"rule_type_id" : "monitoring_alert_cluster_health",
|
|
"revision" : 2,
|
|
"tags" : [ "tags", "tags" ],
|
|
"api_key_owner" : "elastic",
|
|
"schedule" : {
|
|
"interval" : "1m"
|
|
},
|
|
"name" : "cluster_health_rule",
|
|
"updated_by" : "elastic",
|
|
"mute_all" : false,
|
|
"actions" : [ {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
}, {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
} ]
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#rule_response_properties">rule_response_properties</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
<h4 class="field-label">404</h4>
|
|
Object is not found.
|
|
<a href="#404_response">404_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="deleteRule"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="delete"><code class="huge"><span class="http-method">delete</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></pre></div>
|
|
<div class="method-summary">Deletes a rule. (<span class="nickname">deleteRule</span>)</div>
|
|
<div class="method-notes">To delete a rule, you must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're deleting. For example, the <strong>Management</strong> > <strong>Stack Rules</strong> feature, <strong>Analytics</strong> > <strong>Discover</strong> or <strong>Machine Learning</strong> features, <strong>Observability</strong>, or <strong>Security</strong> features. WARNING: After you delete a rule, you cannot recover it. If the API key that is used by the rule was created automatically, it is deleted.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">ruleId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
<h4 class="field-label">404</h4>
|
|
Object is not found.
|
|
<a href="#404_response">404_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="disableRule"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/_disable</code></pre></div>
|
|
<div class="method-summary">Disables a rule. (<span class="nickname">disableRule</span>)</div>
|
|
<div class="method-notes">You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule. For example, the <strong>Management > Stack Rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong>, and <strong>Security</strong> features.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">ruleId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
<h4 class="field-label">404</h4>
|
|
Object is not found.
|
|
<a href="#404_response">404_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="enableRule"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/_enable</code></pre></div>
|
|
<div class="method-summary">Enables a rule. (<span class="nickname">enableRule</span>)</div>
|
|
<div class="method-notes">To enable a rule, you must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule. For example, the <strong>Management > Stack Rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong>, and <strong>Security</strong> features. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">ruleId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
<h4 class="field-label">404</h4>
|
|
Object is not found.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="findRules"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="get"><code class="huge"><span class="http-method">get</span> /s/{spaceId}/api/alerting/rules/_find</code></pre></div>
|
|
<div class="method-summary">Retrieves information about rules. (<span class="nickname">findRules</span>)</div>
|
|
<div class="method-notes">You must have <code>read</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rules you're seeking. For example, you must have privileges for the <strong>Management > Stack rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. To find rules associated with the <strong>Stack Monitoring</strong> feature, use the <code>monitoring_user</code> built-in role.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<h3 class="field-label">Query parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">default_search_operator (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — The default operator to use for the simple_query_string. default: OR </div><div class="param">fields (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — The fields to return in the <code>attributes</code> key of the response. default: null </div><div class="param">filter (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — A KQL string that you filter with an attribute from your saved object. It should look like <code>savedObjectType.attributes.title: "myTitle"</code>. However, if you used a direct attribute of a saved object, such as <code>updatedAt</code>, you must define your filter, for example, <code>savedObjectType.updatedAt > 2018-12-22</code>. default: null </div><div class="param">has_reference (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — Filters the rules that have a relation with the reference objects with a specific type and identifier. default: null </div><div class="param">page (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — The page number to return. default: 1 </div><div class="param">per_page (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — The number of rules to return per page. default: 20 </div><div class="param">search (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — An Elasticsearch simple_query_string query that filters the objects in the response. default: null </div><div class="param">search_fields (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — The fields to perform the simple_query_string parsed query against. default: null </div><div class="param">sort_field (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — Determines which field is used to sort the results. The field must exist in the <code>attributes</code> key of the response. default: null </div><div class="param">sort_order (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — Determines the sort order. default: desc </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#findRules_200_response">findRules_200_response</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"per_page" : 6,
|
|
"total" : 1,
|
|
"data" : [ {
|
|
"throttle" : "10m",
|
|
"created_at" : "2022-12-05T23:36:58.284Z",
|
|
"api_key_created_by_user" : false,
|
|
"enabled" : true,
|
|
"running" : true,
|
|
"notify_when" : "notify_when",
|
|
"next_run" : "2022-12-06T00:14:43.818Z",
|
|
"updated_at" : "2022-12-05T23:36:58.284Z",
|
|
"execution_status" : {
|
|
"last_execution_date" : "2022-12-06T00:13:43.89Z",
|
|
"last_duration" : 55,
|
|
"status" : "ok"
|
|
},
|
|
"scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"consumer" : "alerts",
|
|
"last_run" : {
|
|
"alerts_count" : {
|
|
"ignored" : 6,
|
|
"new" : 1,
|
|
"recovered" : 5,
|
|
"active" : 0
|
|
},
|
|
"outcome_msg" : [ "outcome_msg", "outcome_msg" ],
|
|
"outcome_order" : 5,
|
|
"warning" : "warning",
|
|
"outcome" : "succeeded"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"created_by" : "elastic",
|
|
"muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
|
|
"rule_type_id" : "monitoring_alert_cluster_health",
|
|
"revision" : 2,
|
|
"tags" : [ "tags", "tags" ],
|
|
"api_key_owner" : "elastic",
|
|
"schedule" : {
|
|
"interval" : "1m"
|
|
},
|
|
"name" : "cluster_health_rule",
|
|
"updated_by" : "elastic",
|
|
"mute_all" : false,
|
|
"actions" : [ {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
}, {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
} ]
|
|
}, {
|
|
"throttle" : "10m",
|
|
"created_at" : "2022-12-05T23:36:58.284Z",
|
|
"api_key_created_by_user" : false,
|
|
"enabled" : true,
|
|
"running" : true,
|
|
"notify_when" : "notify_when",
|
|
"next_run" : "2022-12-06T00:14:43.818Z",
|
|
"updated_at" : "2022-12-05T23:36:58.284Z",
|
|
"execution_status" : {
|
|
"last_execution_date" : "2022-12-06T00:13:43.89Z",
|
|
"last_duration" : 55,
|
|
"status" : "ok"
|
|
},
|
|
"scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"consumer" : "alerts",
|
|
"last_run" : {
|
|
"alerts_count" : {
|
|
"ignored" : 6,
|
|
"new" : 1,
|
|
"recovered" : 5,
|
|
"active" : 0
|
|
},
|
|
"outcome_msg" : [ "outcome_msg", "outcome_msg" ],
|
|
"outcome_order" : 5,
|
|
"warning" : "warning",
|
|
"outcome" : "succeeded"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"created_by" : "elastic",
|
|
"muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
|
|
"rule_type_id" : "monitoring_alert_cluster_health",
|
|
"revision" : 2,
|
|
"tags" : [ "tags", "tags" ],
|
|
"api_key_owner" : "elastic",
|
|
"schedule" : {
|
|
"interval" : "1m"
|
|
},
|
|
"name" : "cluster_health_rule",
|
|
"updated_by" : "elastic",
|
|
"mute_all" : false,
|
|
"actions" : [ {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
}, {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
} ]
|
|
} ],
|
|
"page" : 0
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#findRules_200_response">findRules_200_response</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="getAlertingHealth"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="get"><code class="huge"><span class="http-method">get</span> /s/{spaceId}/api/alerting/_health</code></pre></div>
|
|
<div class="method-summary">Retrieves the health status of the alerting framework. (<span class="nickname">getAlertingHealth</span>)</div>
|
|
<div class="method-notes">You must have <code>read</code> privileges for the <strong>Management > Stack Rules</strong> feature or for at least one of the <strong>Analytics > Discover</strong>, <strong>Analytics > Machine Learning</strong>, <strong>Observability</strong>, or <strong>Security</strong> features.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#getAlertingHealth_200_response">getAlertingHealth_200_response</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"alerting_framework_health" : {
|
|
"execution_health" : {
|
|
"status" : "ok",
|
|
"timestamp" : "2023-01-13T01:28:00.28Z"
|
|
},
|
|
"read_health" : {
|
|
"status" : "ok",
|
|
"timestamp" : "2023-01-13T01:28:00.28Z"
|
|
},
|
|
"decryption_health" : {
|
|
"status" : "ok",
|
|
"timestamp" : "2023-01-13T01:28:00.28Z"
|
|
}
|
|
},
|
|
"has_permanent_encryption_key" : true,
|
|
"is_sufficiently_secure" : true
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#getAlertingHealth_200_response">getAlertingHealth_200_response</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="getRule"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="get"><code class="huge"><span class="http-method">get</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></pre></div>
|
|
<div class="method-summary">Retrieves a rule by its identifier. (<span class="nickname">getRule</span>)</div>
|
|
<div class="method-notes">You must have <code>read</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rules you're seeking. For example, the <strong>Management > Stack Rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. To get rules associated with the <strong>Stack Monitoring</strong> feature, use the <code>monitoring_user</code> built-in role.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">ruleId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#rule_response_properties">rule_response_properties</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"throttle" : "10m",
|
|
"created_at" : "2022-12-05T23:36:58.284Z",
|
|
"api_key_created_by_user" : false,
|
|
"enabled" : true,
|
|
"running" : true,
|
|
"notify_when" : "notify_when",
|
|
"next_run" : "2022-12-06T00:14:43.818Z",
|
|
"updated_at" : "2022-12-05T23:36:58.284Z",
|
|
"execution_status" : {
|
|
"last_execution_date" : "2022-12-06T00:13:43.89Z",
|
|
"last_duration" : 55,
|
|
"status" : "ok"
|
|
},
|
|
"scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"consumer" : "alerts",
|
|
"last_run" : {
|
|
"alerts_count" : {
|
|
"ignored" : 6,
|
|
"new" : 1,
|
|
"recovered" : 5,
|
|
"active" : 0
|
|
},
|
|
"outcome_msg" : [ "outcome_msg", "outcome_msg" ],
|
|
"outcome_order" : 5,
|
|
"warning" : "warning",
|
|
"outcome" : "succeeded"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"created_by" : "elastic",
|
|
"muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
|
|
"rule_type_id" : "monitoring_alert_cluster_health",
|
|
"revision" : 2,
|
|
"tags" : [ "tags", "tags" ],
|
|
"api_key_owner" : "elastic",
|
|
"schedule" : {
|
|
"interval" : "1m"
|
|
},
|
|
"name" : "cluster_health_rule",
|
|
"updated_by" : "elastic",
|
|
"mute_all" : false,
|
|
"actions" : [ {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
}, {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
} ]
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#rule_response_properties">rule_response_properties</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
<h4 class="field-label">404</h4>
|
|
Object is not found.
|
|
<a href="#404_response">404_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="getRuleTypes"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="get"><code class="huge"><span class="http-method">get</span> /s/{spaceId}/api/alerting/rule_types</code></pre></div>
|
|
<div class="method-summary">Retrieves a list of rule types. (<span class="nickname">getRuleTypes</span>)</div>
|
|
<div class="method-notes">If you have <code>read</code> privileges for one or more Kibana features, the API response contains information about the appropriate rule types. For example, there are rule types associated with the <strong>Management > Stack Rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, and <strong>Security</strong> features. To get rule types associated with the <strong>Stack Monitoring</strong> feature, use the <code>monitoring_user</code> built-in role.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
array[<a href="#getRuleTypes_200_response_inner">getRuleTypes_200_response_inner</a>]
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"recovery_action_group" : {
|
|
"name" : "name",
|
|
"id" : "id"
|
|
},
|
|
"does_set_recovery_context" : true,
|
|
"is_exportable" : true,
|
|
"authorized_consumers" : {
|
|
"alerts" : {
|
|
"all" : true,
|
|
"read" : true
|
|
},
|
|
"discover" : {
|
|
"all" : true,
|
|
"read" : true
|
|
},
|
|
"stackAlerts" : {
|
|
"all" : true,
|
|
"read" : true
|
|
},
|
|
"infrastructure" : {
|
|
"all" : true,
|
|
"read" : true
|
|
},
|
|
"siem" : {
|
|
"all" : true,
|
|
"read" : true
|
|
},
|
|
"monitoring" : {
|
|
"all" : true,
|
|
"read" : true
|
|
},
|
|
"logs" : {
|
|
"all" : true,
|
|
"read" : true
|
|
},
|
|
"apm" : {
|
|
"all" : true,
|
|
"read" : true
|
|
},
|
|
"ml" : {
|
|
"all" : true,
|
|
"read" : true
|
|
},
|
|
"uptime" : {
|
|
"all" : true,
|
|
"read" : true
|
|
}
|
|
},
|
|
"action_groups" : [ {
|
|
"name" : "name",
|
|
"id" : "id"
|
|
}, {
|
|
"name" : "name",
|
|
"id" : "id"
|
|
} ],
|
|
"minimum_license_required" : "basic",
|
|
"action_variables" : {
|
|
"context" : [ {
|
|
"name" : "name",
|
|
"description" : "description",
|
|
"useWithTripleBracesInTemplates" : true
|
|
}, {
|
|
"name" : "name",
|
|
"description" : "description",
|
|
"useWithTripleBracesInTemplates" : true
|
|
} ],
|
|
"state" : [ {
|
|
"name" : "name",
|
|
"description" : "description"
|
|
}, {
|
|
"name" : "name",
|
|
"description" : "description"
|
|
} ],
|
|
"params" : [ {
|
|
"name" : "name",
|
|
"description" : "description"
|
|
}, {
|
|
"name" : "name",
|
|
"description" : "description"
|
|
} ]
|
|
},
|
|
"rule_task_timeout" : "5m",
|
|
"name" : "name",
|
|
"enabled_in_license" : true,
|
|
"producer" : "stackAlerts",
|
|
"id" : "id",
|
|
"default_action_group_id" : "default_action_group_id"
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyCreateAlert"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}</code></pre></div>
|
|
<div class="method-summary">Create an alert. (<span class="nickname">legacyCreateAlert</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the create rule API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An UUID v1 or v4 identifier for the alert. If this parameter is omitted, the identifier is randomly generated. default: null </div><div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
<h3 class="field-label">Consumes</h3>
|
|
This API call consumes the following media types via the <span class="header">Content-Type</span> request header:
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Request body</h3>
|
|
<div class="field-items">
|
|
<div class="param">Legacy_create_alert_request_properties <a href="#Legacy_create_alert_request_properties">Legacy_create_alert_request_properties</a> (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Body Parameter</span> — </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#alert_response_properties">alert_response_properties</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"alertTypeId" : ".index-threshold",
|
|
"throttle" : "throttle",
|
|
"updatedBy" : "elastic",
|
|
"executionStatus" : {
|
|
"lastExecutionDate" : "2022-12-06T00:13:43.89Z",
|
|
"status" : "ok"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"enabled" : true,
|
|
"mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
|
|
"tags" : [ "tags", "tags" ],
|
|
"createdAt" : "2022-12-05T23:36:58.284Z",
|
|
"schedule" : {
|
|
"interval" : "interval"
|
|
},
|
|
"notifyWhen" : "onActionGroupChange",
|
|
"createdBy" : "elastic",
|
|
"muteAll" : false,
|
|
"name" : "my alert",
|
|
"scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"actions" : [ "{}", "{}" ],
|
|
"apiKeyOwner" : "elastic",
|
|
"updatedAt" : "2022-12-05T23:36:58.284Z"
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#alert_response_properties">alert_response_properties</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyDisableAlert"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/_disable</code></pre></div>
|
|
<div class="method-summary">Disables an alert. (<span class="nickname">legacyDisableAlert</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the disable rule API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div><div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — The identifier for the alert. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyEnableAlert"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/_enable</code></pre></div>
|
|
<div class="method-summary">Enables an alert. (<span class="nickname">legacyEnableAlert</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the enable rule API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div><div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — The identifier for the alert. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyFindAlerts"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="get"><code class="huge"><span class="http-method">get</span> /s/{spaceId}/api/alerts/alerts/_find</code></pre></div>
|
|
<div class="method-summary">Retrieves a paginated set of alerts. (<span class="nickname">legacyFindAlerts</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert <code>params</code> are stored as a flattened field type and analyzed as keywords. As alerts change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<h3 class="field-label">Query parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">default_search_operator (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — The default operator to use for the <code>simple_query_string</code>. default: OR </div><div class="param">fields (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — The fields to return in the <code>attributes</code> key of the response. default: null </div><div class="param">filter (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — A KQL string that you filter with an attribute from your saved object. It should look like <code>savedObjectType.attributes.title: "myTitle"</code>. However, if you used a direct attribute of a saved object, such as <code>updatedAt</code>, you must define your filter, for example, <code>savedObjectType.updatedAt > 2018-12-22</code>. default: null </div><div class="param">has_reference (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — Filters the rules that have a relation with the reference objects with a specific type and identifier. default: null </div><div class="param">page (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — The page number to return. default: 1 </div><div class="param">per_page (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — The number of alerts to return per page. default: 20 </div><div class="param">search (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — An Elasticsearch <code>simple_query_string</code> query that filters the alerts in the response. default: null </div><div class="param">search_fields (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — The fields to perform the <code>simple_query_string</code> parsed query against. default: null </div><div class="param">sort_field (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — Determines which field is used to sort the results. The field must exist in the <code>attributes</code> key of the response. default: null </div><div class="param">sort_order (optional)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Query Parameter</span> — Determines the sort order. default: desc </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#legacyFindAlerts_200_response">legacyFindAlerts_200_response</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"total" : 1,
|
|
"perPage" : 6,
|
|
"data" : [ {
|
|
"alertTypeId" : ".index-threshold",
|
|
"throttle" : "throttle",
|
|
"updatedBy" : "elastic",
|
|
"executionStatus" : {
|
|
"lastExecutionDate" : "2022-12-06T00:13:43.89Z",
|
|
"status" : "ok"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"enabled" : true,
|
|
"mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
|
|
"tags" : [ "tags", "tags" ],
|
|
"createdAt" : "2022-12-05T23:36:58.284Z",
|
|
"schedule" : {
|
|
"interval" : "interval"
|
|
},
|
|
"notifyWhen" : "onActionGroupChange",
|
|
"createdBy" : "elastic",
|
|
"muteAll" : false,
|
|
"name" : "my alert",
|
|
"scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"actions" : [ "{}", "{}" ],
|
|
"apiKeyOwner" : "elastic",
|
|
"updatedAt" : "2022-12-05T23:36:58.284Z"
|
|
}, {
|
|
"alertTypeId" : ".index-threshold",
|
|
"throttle" : "throttle",
|
|
"updatedBy" : "elastic",
|
|
"executionStatus" : {
|
|
"lastExecutionDate" : "2022-12-06T00:13:43.89Z",
|
|
"status" : "ok"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"enabled" : true,
|
|
"mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
|
|
"tags" : [ "tags", "tags" ],
|
|
"createdAt" : "2022-12-05T23:36:58.284Z",
|
|
"schedule" : {
|
|
"interval" : "interval"
|
|
},
|
|
"notifyWhen" : "onActionGroupChange",
|
|
"createdBy" : "elastic",
|
|
"muteAll" : false,
|
|
"name" : "my alert",
|
|
"scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"actions" : [ "{}", "{}" ],
|
|
"apiKeyOwner" : "elastic",
|
|
"updatedAt" : "2022-12-05T23:36:58.284Z"
|
|
} ],
|
|
"page" : 0
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#legacyFindAlerts_200_response">legacyFindAlerts_200_response</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyGetAlert"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="get"><code class="huge"><span class="http-method">get</span> /s/{spaceId}/api/alerts/alert/{alertId}</code></pre></div>
|
|
<div class="method-summary">Retrieves an alert by its identifier. (<span class="nickname">legacyGetAlert</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the get rule API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div><div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — The identifier for the alert. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#alert_response_properties">alert_response_properties</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"alertTypeId" : ".index-threshold",
|
|
"throttle" : "throttle",
|
|
"updatedBy" : "elastic",
|
|
"executionStatus" : {
|
|
"lastExecutionDate" : "2022-12-06T00:13:43.89Z",
|
|
"status" : "ok"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"enabled" : true,
|
|
"mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
|
|
"tags" : [ "tags", "tags" ],
|
|
"createdAt" : "2022-12-05T23:36:58.284Z",
|
|
"schedule" : {
|
|
"interval" : "interval"
|
|
},
|
|
"notifyWhen" : "onActionGroupChange",
|
|
"createdBy" : "elastic",
|
|
"muteAll" : false,
|
|
"name" : "my alert",
|
|
"scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"actions" : [ "{}", "{}" ],
|
|
"apiKeyOwner" : "elastic",
|
|
"updatedAt" : "2022-12-05T23:36:58.284Z"
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#alert_response_properties">alert_response_properties</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyGetAlertTypes"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="get"><code class="huge"><span class="http-method">get</span> /s/{spaceId}/api/alerts/alerts/list_alert_types</code></pre></div>
|
|
<div class="method-summary">Retrieves a list of alert types. (<span class="nickname">legacyGetAlertTypes</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the get rule types API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
array[<a href="#legacyGetAlertTypes_200_response_inner">legacyGetAlertTypes_200_response_inner</a>]
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"defaultActionGroupId" : "defaultActionGroupId",
|
|
"isExportable" : true,
|
|
"actionVariables" : {
|
|
"context" : [ {
|
|
"name" : "name",
|
|
"description" : "description"
|
|
}, {
|
|
"name" : "name",
|
|
"description" : "description"
|
|
} ],
|
|
"state" : [ {
|
|
"name" : "name",
|
|
"description" : "description"
|
|
}, {
|
|
"name" : "name",
|
|
"description" : "description"
|
|
} ],
|
|
"params" : [ {
|
|
"name" : "name",
|
|
"description" : "description"
|
|
}, {
|
|
"name" : "name",
|
|
"description" : "description"
|
|
} ]
|
|
},
|
|
"actionGroups" : [ {
|
|
"name" : "name",
|
|
"id" : "id"
|
|
}, {
|
|
"name" : "name",
|
|
"id" : "id"
|
|
} ],
|
|
"name" : "name",
|
|
"producer" : "producer",
|
|
"authorizedConsumers" : "{}",
|
|
"recoveryActionGroup" : {
|
|
"name" : "name",
|
|
"id" : "id"
|
|
},
|
|
"enabledInLicense" : true,
|
|
"id" : "id",
|
|
"minimumLicenseRequired" : "minimumLicenseRequired"
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyGetAlertingHealth"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="get"><code class="huge"><span class="http-method">get</span> /s/{spaceId}/api/alerts/alerts/_health</code></pre></div>
|
|
<div class="method-summary">Retrieves the health status of the alerting framework. (<span class="nickname">legacyGetAlertingHealth</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the get alerting framework health API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#legacyGetAlertingHealth_200_response">legacyGetAlertingHealth_200_response</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"hasPermanentEncryptionKey" : true,
|
|
"alertingFrameworkHealth" : {
|
|
"executionHealth" : {
|
|
"status" : "ok",
|
|
"timestamp" : "2023-01-13T01:28:00.28Z"
|
|
},
|
|
"decryptionHealth" : {
|
|
"status" : "ok",
|
|
"timestamp" : "2023-01-13T01:28:00.28Z"
|
|
},
|
|
"readHealth" : {
|
|
"status" : "ok",
|
|
"timestamp" : "2023-01-13T01:28:00.28Z"
|
|
}
|
|
},
|
|
"isSufficientlySecure" : true
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#legacyGetAlertingHealth_200_response">legacyGetAlertingHealth_200_response</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyMuteAlertInstance"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute</code></pre></div>
|
|
<div class="method-summary">Mutes an alert instance. (<span class="nickname">legacyMuteAlertInstance</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the mute alert API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div><div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the alert. default: null </div><div class="param">alertInstanceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the alert instance. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyMuteAllAlertInstances"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/_mute_all</code></pre></div>
|
|
<div class="method-summary">Mutes all alert instances. (<span class="nickname">legacyMuteAllAlertInstances</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the mute all alerts API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div><div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — The identifier for the alert. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyUnmuteAlertInstance"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute</code></pre></div>
|
|
<div class="method-summary">Unmutes an alert instance. (<span class="nickname">legacyUnmuteAlertInstance</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the unmute alert API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div><div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the alert. default: null </div><div class="param">alertInstanceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the alert instance. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyUnmuteAllAlertInstances"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerts/alert/{alertId}/_unmute_all</code></pre></div>
|
|
<div class="method-summary">Unmutes all alert instances. (<span class="nickname">legacyUnmuteAllAlertInstances</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the unmute all alerts API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div><div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — The identifier for the alert. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legacyUpdateAlert"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="put"><code class="huge"><span class="http-method">put</span> /s/{spaceId}/api/alerts/alert/{alertId}</code></pre></div>
|
|
<div class="method-summary">Updates the attributes for an alert. (<span class="nickname">legacyUpdateAlert</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the update rule API instead.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div><div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — The identifier for the alert. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
<h3 class="field-label">Consumes</h3>
|
|
This API call consumes the following media types via the <span class="header">Content-Type</span> request header:
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Request body</h3>
|
|
<div class="field-items">
|
|
<div class="param">Legacy_update_alert_request_properties <a href="#Legacy_update_alert_request_properties">Legacy_update_alert_request_properties</a> (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Body Parameter</span> — </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#alert_response_properties">alert_response_properties</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"alertTypeId" : ".index-threshold",
|
|
"throttle" : "throttle",
|
|
"updatedBy" : "elastic",
|
|
"executionStatus" : {
|
|
"lastExecutionDate" : "2022-12-06T00:13:43.89Z",
|
|
"status" : "ok"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"enabled" : true,
|
|
"mutedInstanceIds" : [ "mutedInstanceIds", "mutedInstanceIds" ],
|
|
"tags" : [ "tags", "tags" ],
|
|
"createdAt" : "2022-12-05T23:36:58.284Z",
|
|
"schedule" : {
|
|
"interval" : "interval"
|
|
},
|
|
"notifyWhen" : "onActionGroupChange",
|
|
"createdBy" : "elastic",
|
|
"muteAll" : false,
|
|
"name" : "my alert",
|
|
"scheduledTaskId" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"actions" : [ "{}", "{}" ],
|
|
"apiKeyOwner" : "elastic",
|
|
"updatedAt" : "2022-12-05T23:36:58.284Z"
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#alert_response_properties">alert_response_properties</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="legaryDeleteAlert"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="delete"><code class="huge"><span class="http-method">delete</span> /s/{spaceId}/api/alerts/alert/{alertId}</code></pre></div>
|
|
<div class="method-summary">Permanently removes an alert. (<span class="nickname">legaryDeleteAlert</span>)</div>
|
|
<div class="method-notes">Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After you delete an alert, you cannot recover it.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div><div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — The identifier for the alert. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="muteAlert"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/alert/{alertId}/_mute</code></pre></div>
|
|
<div class="method-summary">Mutes an alert. (<span class="nickname">muteAlert</span>)</div>
|
|
<div class="method-notes">You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule. For example, the <strong>Management > Stack Rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong>, and <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the alert. The identifier is generated by the rule and might be any arbitrary string. default: null </div><div class="param">ruleId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="muteAllAlerts"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/_mute_all</code></pre></div>
|
|
<div class="method-summary">Mutes all alerts. (<span class="nickname">muteAllAlerts</span>)</div>
|
|
<div class="method-notes">This API snoozes the notifications for the rule indefinitely. The rule checks continue to occur but alerts will not trigger any actions. You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule. For example, the <strong>Management > Stack Rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong>, and <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">ruleId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="unmuteAlert"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/alert/{alertId}/_unmute</code></pre></div>
|
|
<div class="method-summary">Unmutes an alert. (<span class="nickname">unmuteAlert</span>)</div>
|
|
<div class="method-notes">You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule. For example, the <strong>Management > Stack Rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong>, and <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">alertId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the alert. The identifier is generated by the rule and might be any arbitrary string. default: null </div><div class="param">ruleId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="unmuteAllAlerts"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="post"><code class="huge"><span class="http-method">post</span> /s/{spaceId}/api/alerting/rule/{ruleId}/_unmute_all</code></pre></div>
|
|
<div class="method-summary">Unmutes all alerts. (<span class="nickname">unmuteAllAlerts</span>)</div>
|
|
<div class="method-notes">If the rule has its notifications snoozed indefinitely, this API cancels the snooze. You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule. For example, the <strong>Management > Stack Rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong>, and <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">ruleId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">204</h4>
|
|
Indicates a successful call.
|
|
<a href="#"></a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
<div class="method"><a name="updateRule"/>
|
|
<div class="method-path">
|
|
<a class="up" href="#__Methods">Up</a>
|
|
<pre class="put"><code class="huge"><span class="http-method">put</span> /s/{spaceId}/api/alerting/rule/{ruleId}</code></pre></div>
|
|
<div class="method-summary">Updates the attributes for a rule. (<span class="nickname">updateRule</span>)</div>
|
|
<div class="method-notes">To update a rule, you must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're updating. For example, you must have privileges for the <strong>Management > Stack rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs. NOTE: If the API key has different privileges than the key that created or most recently updated the rule, the rule behavior might change. Though some properties are optional, when you update the rule the existing property values are overwritten with default values. Therefore, it is recommended to explicitly set all property values.</div>
|
|
|
|
<h3 class="field-label">Path parameters</h3>
|
|
<div class="field-items">
|
|
<div class="param">ruleId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the rule. default: null </div><div class="param">spaceId (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Path Parameter</span> — An identifier for the space. If <code>/s/</code> and the identifier are omitted from the path, the default space is used. default: null </div>
|
|
</div> <!-- field-items -->
|
|
|
|
<h3 class="field-label">Consumes</h3>
|
|
This API call consumes the following media types via the <span class="header">Content-Type</span> request header:
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Request body</h3>
|
|
<div class="field-items">
|
|
<div class="param">update_rule_request <a href="#update_rule_request">update_rule_request</a> (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Body Parameter</span> — </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
<h3 class="field-label">Request headers</h3>
|
|
<div class="field-items">
|
|
<div class="param">kbn-xsrf (required)</div>
|
|
|
|
<div class="param-desc"><span class="param-type">Header Parameter</span> — Cross-site request forgery protection default: null </div>
|
|
|
|
</div> <!-- field-items -->
|
|
|
|
|
|
|
|
<h3 class="field-label">Return type</h3>
|
|
<div class="return-type">
|
|
<a href="#rule_response_properties">rule_response_properties</a>
|
|
|
|
</div>
|
|
|
|
<!--Todo: process Response Object and its headers, schema, examples -->
|
|
|
|
<h3 class="field-label">Example data</h3>
|
|
<div class="example-data-content-type">Content-Type: application/json</div>
|
|
<pre class="example"><code>{
|
|
"throttle" : "10m",
|
|
"created_at" : "2022-12-05T23:36:58.284Z",
|
|
"api_key_created_by_user" : false,
|
|
"enabled" : true,
|
|
"running" : true,
|
|
"notify_when" : "notify_when",
|
|
"next_run" : "2022-12-06T00:14:43.818Z",
|
|
"updated_at" : "2022-12-05T23:36:58.284Z",
|
|
"execution_status" : {
|
|
"last_execution_date" : "2022-12-06T00:13:43.89Z",
|
|
"last_duration" : 55,
|
|
"status" : "ok"
|
|
},
|
|
"scheduled_task_id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"id" : "b530fed0-74f5-11ed-9801-35303b735aef",
|
|
"consumer" : "alerts",
|
|
"last_run" : {
|
|
"alerts_count" : {
|
|
"ignored" : 6,
|
|
"new" : 1,
|
|
"recovered" : 5,
|
|
"active" : 0
|
|
},
|
|
"outcome_msg" : [ "outcome_msg", "outcome_msg" ],
|
|
"outcome_order" : 5,
|
|
"warning" : "warning",
|
|
"outcome" : "succeeded"
|
|
},
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"created_by" : "elastic",
|
|
"muted_alert_ids" : [ "muted_alert_ids", "muted_alert_ids" ],
|
|
"rule_type_id" : "monitoring_alert_cluster_health",
|
|
"revision" : 2,
|
|
"tags" : [ "tags", "tags" ],
|
|
"api_key_owner" : "elastic",
|
|
"schedule" : {
|
|
"interval" : "1m"
|
|
},
|
|
"name" : "cluster_health_rule",
|
|
"updated_by" : "elastic",
|
|
"mute_all" : false,
|
|
"actions" : [ {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
}, {
|
|
"alerts_filter" : {
|
|
"timeframe" : {
|
|
"hours" : {
|
|
"start" : "08:00",
|
|
"end" : "17:00"
|
|
},
|
|
"timezone" : "Europe/Madrid",
|
|
"days" : [ 1, 2, 3, 4, 5 ]
|
|
},
|
|
"query" : {
|
|
"kql" : "kql",
|
|
"filters" : [ {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
}, {
|
|
"$state" : "{}",
|
|
"meta" : {
|
|
"field" : "field",
|
|
"controlledBy" : "controlledBy",
|
|
"negate" : true,
|
|
"alias" : "alias",
|
|
"index" : "index",
|
|
"disabled" : true,
|
|
"params" : "{}",
|
|
"type" : "type",
|
|
"value" : "value",
|
|
"isMultiIndex" : true,
|
|
"key" : "key",
|
|
"group" : "group"
|
|
},
|
|
"query" : "{}"
|
|
} ]
|
|
}
|
|
},
|
|
"id" : "9dca3e00-74f5-11ed-9801-35303b735aef",
|
|
"params" : {
|
|
"key" : ""
|
|
},
|
|
"uuid" : "1c7a1280-f28c-4e06-96b2-e4e5f05d1d61",
|
|
"connector_type_id" : ".server-log",
|
|
"frequency" : {
|
|
"summary" : true,
|
|
"throttle" : "10m",
|
|
"notify_when" : "onActiveAlert"
|
|
},
|
|
"group" : "default"
|
|
} ]
|
|
}</code></pre>
|
|
|
|
<h3 class="field-label">Produces</h3>
|
|
This API call produces the following media types according to the <span class="header">Accept</span> request header;
|
|
the media type will be conveyed by the <span class="header">Content-Type</span> response header.
|
|
<ul>
|
|
<li><code>application/json</code></li>
|
|
</ul>
|
|
|
|
<h3 class="field-label">Responses</h3>
|
|
<h4 class="field-label">200</h4>
|
|
Indicates a successful call.
|
|
<a href="#rule_response_properties">rule_response_properties</a>
|
|
<h4 class="field-label">401</h4>
|
|
Authorization information is missing or invalid.
|
|
<a href="#401_response">401_response</a>
|
|
<h4 class="field-label">404</h4>
|
|
Object is not found.
|
|
<a href="#404_response">404_response</a>
|
|
</div> <!-- method -->
|
|
<hr/>
|
|
|
|
<h2><a name="__Models">Models</a></h2>
|
|
[ Jump to <a href="#__Methods">Methods</a> ]
|
|
|
|
<h3>Table of Contents</h3>
|
|
<ol>
|
|
<li><a href="#401_response"><code>401_response</code> - Unsuccessful rule API response</a></li>
|
|
<li><a href="#404_response"><code>404_response</code> - </a></li>
|
|
<li><a href="#Count"><code>Count</code> - Count</a></li>
|
|
<li><a href="#Count_count"><code>Count_count</code> - </a></li>
|
|
<li><a href="#Count_criteria"><code>Count_criteria</code> - </a></li>
|
|
<li><a href="#Count_logView"><code>Count_logView</code> - </a></li>
|
|
<li><a href="#Legacy_create_alert_request_properties"><code>Legacy_create_alert_request_properties</code> - Legacy create alert request properties</a></li>
|
|
<li><a href="#Legacy_create_alert_request_properties_schedule"><code>Legacy_create_alert_request_properties_schedule</code> - </a></li>
|
|
<li><a href="#Legacy_update_alert_request_properties"><code>Legacy_update_alert_request_properties</code> - Legacy update alert request properties</a></li>
|
|
<li><a href="#Legacy_update_alert_request_properties_actions_inner"><code>Legacy_update_alert_request_properties_actions_inner</code> - </a></li>
|
|
<li><a href="#Legacy_update_alert_request_properties_schedule"><code>Legacy_update_alert_request_properties_schedule</code> - </a></li>
|
|
<li><a href="#Ratio"><code>Ratio</code> - Ratio</a></li>
|
|
<li><a href="#actions_inner"><code>actions_inner</code> - </a></li>
|
|
<li><a href="#actions_inner_alerts_filter"><code>actions_inner_alerts_filter</code> - </a></li>
|
|
<li><a href="#actions_inner_alerts_filter_query"><code>actions_inner_alerts_filter_query</code> - </a></li>
|
|
<li><a href="#actions_inner_alerts_filter_timeframe"><code>actions_inner_alerts_filter_timeframe</code> - </a></li>
|
|
<li><a href="#actions_inner_alerts_filter_timeframe_hours"><code>actions_inner_alerts_filter_timeframe_hours</code> - </a></li>
|
|
<li><a href="#actions_inner_frequency"><code>actions_inner_frequency</code> - </a></li>
|
|
<li><a href="#aggtype"><code>aggtype</code> - </a></li>
|
|
<li><a href="#alert_response_properties"><code>alert_response_properties</code> - Legacy alert response properties</a></li>
|
|
<li><a href="#alert_response_properties_executionStatus"><code>alert_response_properties_executionStatus</code> - </a></li>
|
|
<li><a href="#alert_response_properties_schedule"><code>alert_response_properties_schedule</code> - </a></li>
|
|
<li><a href="#count_criterion"><code>count_criterion</code> - count criterion</a></li>
|
|
<li><a href="#create_anomaly_detection_alert_rule_request"><code>create_anomaly_detection_alert_rule_request</code> - Create anomaly detection rule request</a></li>
|
|
<li><a href="#create_anomaly_detection_jobs_health_rule_request"><code>create_anomaly_detection_jobs_health_rule_request</code> - Create anomaly detection jobs health rule request</a></li>
|
|
<li><a href="#create_apm_anomaly_rule_request"><code>create_apm_anomaly_rule_request</code> - Create APM anomaly rule rule request</a></li>
|
|
<li><a href="#create_apm_error_count_rule_request"><code>create_apm_error_count_rule_request</code> - Create APM error count rule request</a></li>
|
|
<li><a href="#create_apm_transaction_duration_rule_request"><code>create_apm_transaction_duration_rule_request</code> - Create latency threshold rule request</a></li>
|
|
<li><a href="#create_apm_transaction_error_rate_rule_request"><code>create_apm_transaction_error_rate_rule_request</code> - Create APM transaction error rate rule request</a></li>
|
|
<li><a href="#create_es_query_rule_request"><code>create_es_query_rule_request</code> - Create Elasticsearch query rule request</a></li>
|
|
<li><a href="#create_geo_containment_rule_request"><code>create_geo_containment_rule_request</code> - Create traacking containment rule request</a></li>
|
|
<li><a href="#create_index_threshold_rule_request"><code>create_index_threshold_rule_request</code> - Create index threshold rule request</a></li>
|
|
<li><a href="#create_infra_inventory_rule_request"><code>create_infra_inventory_rule_request</code> - Create infra inventory rule request</a></li>
|
|
<li><a href="#create_infra_metric_anomaly_rule_request"><code>create_infra_metric_anomaly_rule_request</code> - Create infrastructure anomaly rule request</a></li>
|
|
<li><a href="#create_infra_metric_threshold_rule_request"><code>create_infra_metric_threshold_rule_request</code> - Create infra metric threshold rule request</a></li>
|
|
<li><a href="#create_log_threshold_rule_request"><code>create_log_threshold_rule_request</code> - Create log threshold rule request</a></li>
|
|
<li><a href="#create_monitoring_ccr_exceptions_rule_request"><code>create_monitoring_ccr_exceptions_rule_request</code> - Create CCR read exceptions rule request</a></li>
|
|
<li><a href="#create_monitoring_cluster_health_rule_request"><code>create_monitoring_cluster_health_rule_request</code> - Create cluster health rule request</a></li>
|
|
<li><a href="#create_monitoring_cpu_usage_rule_request"><code>create_monitoring_cpu_usage_rule_request</code> - Create CPU usage rule request</a></li>
|
|
<li><a href="#create_monitoring_disk_usage_rule_request"><code>create_monitoring_disk_usage_rule_request</code> - Create disk usage rule request</a></li>
|
|
<li><a href="#create_monitoring_elasticsearch_version_mismatch_rule_request"><code>create_monitoring_elasticsearch_version_mismatch_rule_request</code> - Create Elasticsearch version mismatch rule request</a></li>
|
|
<li><a href="#create_monitoring_jvm_memory_usage_rule_request"><code>create_monitoring_jvm_memory_usage_rule_request</code> - Create JVM memory usage rule request</a></li>
|
|
<li><a href="#create_monitoring_kibana_version_mismatch_rule_request"><code>create_monitoring_kibana_version_mismatch_rule_request</code> - Create Kibana version mismatch rule request</a></li>
|
|
<li><a href="#create_monitoring_license_expiration_rule_request"><code>create_monitoring_license_expiration_rule_request</code> - Create license expiration rule request</a></li>
|
|
<li><a href="#create_monitoring_logstash_version_mismatch_rule_request"><code>create_monitoring_logstash_version_mismatch_rule_request</code> - Create Logstash version mismatch rule request</a></li>
|
|
<li><a href="#create_monitoring_missing_data_rule_request"><code>create_monitoring_missing_data_rule_request</code> - Create missing monitoring data rule request</a></li>
|
|
<li><a href="#create_monitoring_nodes_changed_rule_request"><code>create_monitoring_nodes_changed_rule_request</code> - Create nodes changed rule request</a></li>
|
|
<li><a href="#create_monitoring_shard_size_rule_request"><code>create_monitoring_shard_size_rule_request</code> - Create shard size rule request</a></li>
|
|
<li><a href="#create_monitoring_thread_pool_search_rejections_rule_request"><code>create_monitoring_thread_pool_search_rejections_rule_request</code> - Create thread pool search rejections rule request</a></li>
|
|
<li><a href="#create_monitoring_thread_pool_write_rejections_rule_request"><code>create_monitoring_thread_pool_write_rejections_rule_request</code> - Create thread pool write rejections rule request</a></li>
|
|
<li><a href="#create_rule_request"><code>create_rule_request</code> - Create rule request body properties</a></li>
|
|
<li><a href="#create_siem_eql_rule_request"><code>create_siem_eql_rule_request</code> - Create event correlation rule request</a></li>
|
|
<li><a href="#create_siem_indicator_rule_request"><code>create_siem_indicator_rule_request</code> - Create indicator match rule request</a></li>
|
|
<li><a href="#create_siem_ml_rule_request"><code>create_siem_ml_rule_request</code> - Create machine learning rule request</a></li>
|
|
<li><a href="#create_siem_new_terms_rule_request"><code>create_siem_new_terms_rule_request</code> - Create new terms rule request</a></li>
|
|
<li><a href="#create_siem_notifications_rule_request"><code>create_siem_notifications_rule_request</code> - Create security solution notification (legacy) rule request</a></li>
|
|
<li><a href="#create_siem_query_rule_request"><code>create_siem_query_rule_request</code> - Create custom query rule request</a></li>
|
|
<li><a href="#create_siem_saved_query_rule_request"><code>create_siem_saved_query_rule_request</code> - Create saved query rule request</a></li>
|
|
<li><a href="#create_siem_threshold_rule_request"><code>create_siem_threshold_rule_request</code> - Create threshold rule request</a></li>
|
|
<li><a href="#create_slo_burn_rate_rule_request"><code>create_slo_burn_rate_rule_request</code> - Create slo burn rate rule request</a></li>
|
|
<li><a href="#create_synthetics_monitor_status_rule_request"><code>create_synthetics_monitor_status_rule_request</code> - Create synthetics monitor status rule request</a></li>
|
|
<li><a href="#create_synthetics_uptime_duration_anomaly_rule_request"><code>create_synthetics_uptime_duration_anomaly_rule_request</code> - Create synthetics uptime duration anomaly rule request</a></li>
|
|
<li><a href="#create_synthetics_uptime_tls_certificate_rule_request"><code>create_synthetics_uptime_tls_certificate_rule_request</code> - Create TLS certificate rule request</a></li>
|
|
<li><a href="#create_synthetics_uptime_tls_rule_request"><code>create_synthetics_uptime_tls_rule_request</code> - Create synthetics uptime TLS rule request</a></li>
|
|
<li><a href="#create_transform_health_rule_request"><code>create_transform_health_rule_request</code> - Create transform health rule request</a></li>
|
|
<li><a href="#create_uptime_monitor_status_rule_request"><code>create_uptime_monitor_status_rule_request</code> - Create uptime monitor status rule request</a></li>
|
|
<li><a href="#custom_criterion"><code>custom_criterion</code> - custom criterion</a></li>
|
|
<li><a href="#custom_criterion_customMetric_inner"><code>custom_criterion_customMetric_inner</code> - </a></li>
|
|
<li><a href="#custom_criterion_customMetric_inner_oneOf"><code>custom_criterion_customMetric_inner_oneOf</code> - </a></li>
|
|
<li><a href="#custom_criterion_customMetric_inner_oneOf_1"><code>custom_criterion_customMetric_inner_oneOf_1</code> - </a></li>
|
|
<li><a href="#filter"><code>filter</code> - </a></li>
|
|
<li><a href="#filter_meta"><code>filter_meta</code> - </a></li>
|
|
<li><a href="#findRules_200_response"><code>findRules_200_response</code> - </a></li>
|
|
<li><a href="#findRules_has_reference_parameter"><code>findRules_has_reference_parameter</code> - </a></li>
|
|
<li><a href="#findRules_search_fields_parameter"><code>findRules_search_fields_parameter</code> - </a></li>
|
|
<li><a href="#getAlertingHealth_200_response"><code>getAlertingHealth_200_response</code> - </a></li>
|
|
<li><a href="#getAlertingHealth_200_response_alerting_framework_health"><code>getAlertingHealth_200_response_alerting_framework_health</code> - </a></li>
|
|
<li><a href="#getAlertingHealth_200_response_alerting_framework_health_decryption_health"><code>getAlertingHealth_200_response_alerting_framework_health_decryption_health</code> - </a></li>
|
|
<li><a href="#getAlertingHealth_200_response_alerting_framework_health_execution_health"><code>getAlertingHealth_200_response_alerting_framework_health_execution_health</code> - </a></li>
|
|
<li><a href="#getAlertingHealth_200_response_alerting_framework_health_read_health"><code>getAlertingHealth_200_response_alerting_framework_health_read_health</code> - </a></li>
|
|
<li><a href="#getRuleTypes_200_response_inner"><code>getRuleTypes_200_response_inner</code> - </a></li>
|
|
<li><a href="#getRuleTypes_200_response_inner_action_groups_inner"><code>getRuleTypes_200_response_inner_action_groups_inner</code> - </a></li>
|
|
<li><a href="#getRuleTypes_200_response_inner_action_variables"><code>getRuleTypes_200_response_inner_action_variables</code> - </a></li>
|
|
<li><a href="#getRuleTypes_200_response_inner_action_variables_context_inner"><code>getRuleTypes_200_response_inner_action_variables_context_inner</code> - </a></li>
|
|
<li><a href="#getRuleTypes_200_response_inner_action_variables_params_inner"><code>getRuleTypes_200_response_inner_action_variables_params_inner</code> - </a></li>
|
|
<li><a href="#getRuleTypes_200_response_inner_authorized_consumers"><code>getRuleTypes_200_response_inner_authorized_consumers</code> - </a></li>
|
|
<li><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts"><code>getRuleTypes_200_response_inner_authorized_consumers_alerts</code> - </a></li>
|
|
<li><a href="#getRuleTypes_200_response_inner_recovery_action_group"><code>getRuleTypes_200_response_inner_recovery_action_group</code> - </a></li>
|
|
<li><a href="#groupby"><code>groupby</code> - </a></li>
|
|
<li><a href="#legacyFindAlerts_200_response"><code>legacyFindAlerts_200_response</code> - </a></li>
|
|
<li><a href="#legacyGetAlertTypes_200_response_inner"><code>legacyGetAlertTypes_200_response_inner</code> - </a></li>
|
|
<li><a href="#legacyGetAlertTypes_200_response_inner_actionVariables"><code>legacyGetAlertTypes_200_response_inner_actionVariables</code> - </a></li>
|
|
<li><a href="#legacyGetAlertTypes_200_response_inner_actionVariables_context_inner"><code>legacyGetAlertTypes_200_response_inner_actionVariables_context_inner</code> - </a></li>
|
|
<li><a href="#legacyGetAlertTypes_200_response_inner_recoveryActionGroup"><code>legacyGetAlertTypes_200_response_inner_recoveryActionGroup</code> - </a></li>
|
|
<li><a href="#legacyGetAlertingHealth_200_response"><code>legacyGetAlertingHealth_200_response</code> - </a></li>
|
|
<li><a href="#legacyGetAlertingHealth_200_response_alertingFrameworkHealth"><code>legacyGetAlertingHealth_200_response_alertingFrameworkHealth</code> - </a></li>
|
|
<li><a href="#legacyGetAlertingHealth_200_response_alertingFrameworkHealth_decryptionHealth"><code>legacyGetAlertingHealth_200_response_alertingFrameworkHealth_decryptionHealth</code> - </a></li>
|
|
<li><a href="#legacyGetAlertingHealth_200_response_alertingFrameworkHealth_executionHealth"><code>legacyGetAlertingHealth_200_response_alertingFrameworkHealth_executionHealth</code> - </a></li>
|
|
<li><a href="#legacyGetAlertingHealth_200_response_alertingFrameworkHealth_readHealth"><code>legacyGetAlertingHealth_200_response_alertingFrameworkHealth_readHealth</code> - </a></li>
|
|
<li><a href="#non_count_criterion"><code>non_count_criterion</code> - non count criterion</a></li>
|
|
<li><a href="#notify_when"><code>notify_when</code> - </a></li>
|
|
<li><a href="#params_es_query_rule"><code>params_es_query_rule</code> - </a></li>
|
|
<li><a href="#params_es_query_rule_oneOf"><code>params_es_query_rule_oneOf</code> - </a></li>
|
|
<li><a href="#params_es_query_rule_oneOf_1"><code>params_es_query_rule_oneOf_1</code> - </a></li>
|
|
<li><a href="#params_es_query_rule_oneOf_searchConfiguration"><code>params_es_query_rule_oneOf_searchConfiguration</code> - </a></li>
|
|
<li><a href="#params_es_query_rule_oneOf_searchConfiguration_query"><code>params_es_query_rule_oneOf_searchConfiguration_query</code> - </a></li>
|
|
<li><a href="#params_index_threshold_rule"><code>params_index_threshold_rule</code> - </a></li>
|
|
<li><a href="#params_property_apm_anomaly"><code>params_property_apm_anomaly</code> - </a></li>
|
|
<li><a href="#params_property_apm_error_count"><code>params_property_apm_error_count</code> - </a></li>
|
|
<li><a href="#params_property_apm_transaction_duration"><code>params_property_apm_transaction_duration</code> - </a></li>
|
|
<li><a href="#params_property_apm_transaction_error_rate"><code>params_property_apm_transaction_error_rate</code> - </a></li>
|
|
<li><a href="#params_property_infra_inventory"><code>params_property_infra_inventory</code> - </a></li>
|
|
<li><a href="#params_property_infra_inventory_criteria_inner"><code>params_property_infra_inventory_criteria_inner</code> - </a></li>
|
|
<li><a href="#params_property_infra_inventory_criteria_inner_customMetric"><code>params_property_infra_inventory_criteria_inner_customMetric</code> - </a></li>
|
|
<li><a href="#params_property_infra_metric_threshold"><code>params_property_infra_metric_threshold</code> - </a></li>
|
|
<li><a href="#params_property_infra_metric_threshold_criteria_inner"><code>params_property_infra_metric_threshold_criteria_inner</code> - </a></li>
|
|
<li><a href="#params_property_log_threshold"><code>params_property_log_threshold</code> - </a></li>
|
|
<li><a href="#params_property_slo_burn_rate"><code>params_property_slo_burn_rate</code> - </a></li>
|
|
<li><a href="#params_property_slo_burn_rate_longWindow"><code>params_property_slo_burn_rate_longWindow</code> - </a></li>
|
|
<li><a href="#params_property_slo_burn_rate_shortWindow"><code>params_property_slo_burn_rate_shortWindow</code> - </a></li>
|
|
<li><a href="#params_property_synthetics_monitor_status"><code>params_property_synthetics_monitor_status</code> - </a></li>
|
|
<li><a href="#params_property_synthetics_monitor_status_availability"><code>params_property_synthetics_monitor_status_availability</code> - </a></li>
|
|
<li><a href="#params_property_synthetics_monitor_status_filters"><code>params_property_synthetics_monitor_status_filters</code> - </a></li>
|
|
<li><a href="#params_property_synthetics_monitor_status_filters_oneOf"><code>params_property_synthetics_monitor_status_filters_oneOf</code> - </a></li>
|
|
<li><a href="#params_property_synthetics_monitor_status_timerange"><code>params_property_synthetics_monitor_status_timerange</code> - </a></li>
|
|
<li><a href="#params_property_synthetics_uptime_tls"><code>params_property_synthetics_uptime_tls</code> - </a></li>
|
|
<li><a href="#rule_response_properties"><code>rule_response_properties</code> - Rule response properties</a></li>
|
|
<li><a href="#rule_response_properties_execution_status"><code>rule_response_properties_execution_status</code> - </a></li>
|
|
<li><a href="#rule_response_properties_last_run"><code>rule_response_properties_last_run</code> - </a></li>
|
|
<li><a href="#rule_response_properties_last_run_alerts_count"><code>rule_response_properties_last_run_alerts_count</code> - </a></li>
|
|
<li><a href="#schedule"><code>schedule</code> - </a></li>
|
|
<li><a href="#thresholdcomparator"><code>thresholdcomparator</code> - </a></li>
|
|
<li><a href="#timewindowunit"><code>timewindowunit</code> - </a></li>
|
|
<li><a href="#update_rule_request"><code>update_rule_request</code> - Update rule request</a></li>
|
|
</ol>
|
|
|
|
<div class="model">
|
|
<h3><a name="401_response"><code>401_response</code> - Unsuccessful rule API response</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">error (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">Unauthorized</div>
|
|
<div class="param">message (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">statusCode (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">401</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="404_response"><code>404_response</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">error (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">Not Found</div>
|
|
<div class="param">message (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">statusCode (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">404</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="Count"><code>Count</code> - Count</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">criteria (optional)</div><div class="param-desc"><span class="param-type"><a href="#Count_criteria">array[Count_criteria]</a></span> </div>
|
|
<div class="param">count </div><div class="param-desc"><span class="param-type"><a href="#Count_count">Count_count</a></span> </div>
|
|
<div class="param">timeSize </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">timeUnit </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">s</div><div class="param-enum">m</div><div class="param-enum">h</div><div class="param-enum">d</div>
|
|
<div class="param">logView </div><div class="param-desc"><span class="param-type"><a href="#Count_logView">Count_logView</a></span> </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="Count_count"><code>Count_count</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">comparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">more than</div><div class="param-enum">more than or equals</div><div class="param-enum">less than</div><div class="param-enum">less than or equals</div><div class="param-enum">equals</div><div class="param-enum">does not equal</div><div class="param-enum">matches</div><div class="param-enum">does not match</div><div class="param-enum">matches phrase</div><div class="param-enum">does not match phrase</div>
|
|
<div class="param">value (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="Count_criteria"><code>Count_criteria</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">field (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">comparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">more than</div><div class="param-enum">more than or equals</div><div class="param-enum">less than</div><div class="param-enum">less than or equals</div><div class="param-enum">equals</div><div class="param-enum">does not equal</div><div class="param-enum">matches</div><div class="param-enum">does not match</div><div class="param-enum">matches phrase</div><div class="param-enum">does not match phrase</div>
|
|
<div class="param">value (optional)</div><div class="param-desc"><span class="param-type"><a href="#oneOf<number,string>">oneOf<number,string></a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="Count_logView"><code>Count_logView</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">logViewId (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">type (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">log-view-reference</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="Legacy_create_alert_request_properties"><code>Legacy_create_alert_request_properties</code> - Legacy create alert request properties</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#Legacy_update_alert_request_properties_actions_inner">array[Legacy_update_alert_request_properties_actions_inner]</a></span> </div>
|
|
<div class="param">alertTypeId </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the alert type that you want to call when the alert is scheduled to run. </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application that owns the alert. This name has to match the Kibana feature name, as that dictates the required role-based access control privileges. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates if you want to run the alert on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> A name to reference and search. </div>
|
|
<div class="param">notifyWhen </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The condition for throttling the notification. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">onActionGroupChange</div><div class="param-enum">onActiveAlert</div><div class="param-enum">onThrottleInterval</div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#">Object</a></span> The parameters to pass to the alert type executor <code>params</code> value. This will also validate against the alert type params validator, if defined. </div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#Legacy_create_alert_request_properties_schedule">Legacy_create_alert_request_properties_schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> A list of keywords to reference and search. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of <code>10m</code> or <code>1h</code> will prevent it from sending 90 notifications during this period. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="Legacy_create_alert_request_properties_schedule"><code>Legacy_create_alert_request_properties_schedule</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.</div>
|
|
<div class="field-items">
|
|
<div class="param">interval (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The interval format specifies the interval in seconds, minutes, hours or days at which the alert should execute. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="Legacy_update_alert_request_properties"><code>Legacy_update_alert_request_properties</code> - Legacy update alert request properties</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#Legacy_update_alert_request_properties_actions_inner">array[Legacy_update_alert_request_properties_actions_inner]</a></span> </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> A name to reference and search. </div>
|
|
<div class="param">notifyWhen </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The condition for throttling the notification. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">onActionGroupChange</div><div class="param-enum">onActiveAlert</div><div class="param-enum">onThrottleInterval</div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#">Object</a></span> The parameters to pass to the alert type executor <code>params</code> value. This will also validate against the alert type params validator, if defined. </div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#Legacy_update_alert_request_properties_schedule">Legacy_update_alert_request_properties_schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> A list of keywords to reference and search. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of <code>10m</code> or <code>1h</code> will prevent it from sending 90 notifications during this period. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="Legacy_update_alert_request_properties_actions_inner"><code>Legacy_update_alert_request_properties_actions_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">actionTypeId </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the action type. </div>
|
|
<div class="param">group </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to <code>default</code>. </div>
|
|
<div class="param">id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the action saved object to execute. </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#">Object</a></span> The map to the <code>params</code> that the action type will receive. <code>params</code> are handled as Mustache templates and passed a default set of context. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="Legacy_update_alert_request_properties_schedule"><code>Legacy_update_alert_request_properties_schedule</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.</div>
|
|
<div class="field-items">
|
|
<div class="param">interval (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The interval format specifies the interval in seconds, minutes, hours or days at which the alert should execute. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="Ratio"><code>Ratio</code> - Ratio</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">criteria (optional)</div><div class="param-desc"><span class="param-type"><a href="#array">array[array[Object]]</a></span> </div>
|
|
<div class="param">count </div><div class="param-desc"><span class="param-type"><a href="#Count_count">Count_count</a></span> </div>
|
|
<div class="param">timeSize </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">timeUnit </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">s</div><div class="param-enum">m</div><div class="param-enum">h</div><div class="param-enum">d</div>
|
|
<div class="param">logView </div><div class="param-desc"><span class="param-type"><a href="#Count_logView">Count_logView</a></span> </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="actions_inner"><code>actions_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">alerts_filter (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner_alerts_filter">actions_inner_alerts_filter</a></span> </div>
|
|
<div class="param">connector_type_id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The type of connector. This property appears in responses but cannot be set in requests. </div>
|
|
<div class="param">frequency (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner_frequency">actions_inner_frequency</a></span> </div>
|
|
<div class="param">group (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The group name for the actions. If you don't need to group actions, set to <code>default</code>. </div>
|
|
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the connector saved object. </div>
|
|
<div class="param">params (optional)</div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for the action, which are sent to the connector. The <code>params</code> are handled as Mustache templates and passed a default set of context. </div>
|
|
<div class="param">uuid (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> A universally unique identifier (UUID) for the action. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="actions_inner_alerts_filter"><code>actions_inner_alerts_filter</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.</div>
|
|
<div class="field-items">
|
|
<div class="param">query (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner_alerts_filter_query">actions_inner_alerts_filter_query</a></span> </div>
|
|
<div class="param">timeframe (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner_alerts_filter_timeframe">actions_inner_alerts_filter_timeframe</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="actions_inner_alerts_filter_query"><code>actions_inner_alerts_filter_query</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>Defines a query filter that determines whether the action runs.</div>
|
|
<div class="field-items">
|
|
<div class="param">kql (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> A filter written in Kibana Query Language (KQL). </div>
|
|
<div class="param">filters (optional)</div><div class="param-desc"><span class="param-type"><a href="#filter">array[filter]</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="actions_inner_alerts_filter_timeframe"><code>actions_inner_alerts_filter_timeframe</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>Defines a period that limits whether the action runs.</div>
|
|
<div class="field-items">
|
|
<div class="param">days (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">array[Integer]</a></span> Defines the days of the week that the action can run, represented as an array of numbers. For example, <code>1</code> represents Monday. An empty array is equivalent to specifying all the days of the week. </div>
|
|
<div class="param">hours (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner_alerts_filter_timeframe_hours">actions_inner_alerts_filter_timeframe_hours</a></span> </div>
|
|
<div class="param">timezone (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ISO time zone for the <code>hours</code> values. Values such as <code>UTC</code> and <code>UTC+1</code> also work but lack built-in daylight savings time support and are not recommended. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="actions_inner_alerts_filter_timeframe_hours"><code>actions_inner_alerts_filter_timeframe_hours</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>Defines the range of time in a day that the action can run. If the <code>start</code> value is <code>00:00</code> and the <code>end</code> value is <code>24:00</code>, actions be generated all day.</div>
|
|
<div class="field-items">
|
|
<div class="param">end (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The end of the time frame in 24-hour notation (<code>hh:mm</code>). </div>
|
|
<div class="param">start (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The start of the time frame in 24-hour notation (<code>hh:mm</code>). </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="actions_inner_frequency"><code>actions_inner_frequency</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The parameters that affect how often actions are generated. NOTE: You cannot specify these parameters when <code>notify_when</code> or <code>throttle</code> are defined at the rule level.</div>
|
|
<div class="field-items">
|
|
<div class="param">notify_when </div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">summary </div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the action is a summary. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="aggtype"><code>aggtype</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The type of aggregation to perform.</div>
|
|
<div class="field-items">
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="alert_response_properties"><code>alert_response_properties</code> - Legacy alert response properties</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#object">array[Object]</a></span> </div>
|
|
<div class="param">alertTypeId (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">apiKeyOwner (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">createdAt (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> The date and time that the alert was created. format: date-time</div>
|
|
<div class="param">createdBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the user that created the alert. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the alert is currently enabled. </div>
|
|
<div class="param">executionStatus (optional)</div><div class="param-desc"><span class="param-type"><a href="#alert_response_properties_executionStatus">alert_response_properties_executionStatus</a></span> </div>
|
|
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the alert. </div>
|
|
<div class="param">muteAll (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
<div class="param">mutedInstanceIds (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the alert. </div>
|
|
<div class="param">notifyWhen (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">params (optional)</div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> </div>
|
|
<div class="param">schedule (optional)</div><div class="param-desc"><span class="param-type"><a href="#alert_response_properties_schedule">alert_response_properties_schedule</a></span> </div>
|
|
<div class="param">scheduledTaskId (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">updatedAt (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">updatedBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the user that updated this alert most recently. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="alert_response_properties_executionStatus"><code>alert_response_properties_executionStatus</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">lastExecutionDate (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
|
|
<div class="param">status (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="alert_response_properties_schedule"><code>alert_response_properties_schedule</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">interval (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="count_criterion"><code>count_criterion</code> - count criterion</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">threshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">array[BigDecimal]</a></span> </div>
|
|
<div class="param">comparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum"><</div><div class="param-enum"><=</div><div class="param-enum">></div><div class="param-enum">>=</div><div class="param-enum">between</div><div class="param-enum">outside</div>
|
|
<div class="param">timeUnit (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">timeSize (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">warningThreshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">array[BigDecimal]</a></span> </div>
|
|
<div class="param">warningComparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum"><</div><div class="param-enum"><=</div><div class="param-enum">></div><div class="param-enum">>=</div><div class="param-enum">between</div><div class="param-enum">outside</div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">count</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_anomaly_detection_alert_rule_request"><code>create_anomaly_detection_alert_rule_request</code> - Create anomaly detection rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that checks if the anomaly detection job results contain anomalies that match the rule conditions.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for an anomaly detection rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">xpack.ml.anomaly_detection_alert</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_anomaly_detection_jobs_health_rule_request"><code>create_anomaly_detection_jobs_health_rule_request</code> - Create anomaly detection jobs health rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>An rule that monitors job health and alerts if an operational issue occurred that may prevent the job from detecting anomalies.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for an anomaly detection jobs health rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">xpack.ml.anomaly_detection_jobs_health</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_apm_anomaly_rule_request"><code>create_apm_anomaly_rule_request</code> - Create APM anomaly rule rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when either the latency, throughput, or failed transaction rate of a service is anomalous.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_apm_anomaly">params_property_apm_anomaly</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">apm.anomaly</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_apm_error_count_rule_request"><code>create_apm_error_count_rule_request</code> - Create APM error count rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the number of errors in a service exceeds a defined threshold.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_apm_error_count">params_property_apm_error_count</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">apm.error_rate</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_apm_transaction_duration_rule_request"><code>create_apm_transaction_duration_rule_request</code> - Create latency threshold rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the latency of a specific transaction type in a service exceeds a threshold.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_apm_transaction_duration">params_property_apm_transaction_duration</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">apm.transaction_duration</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_apm_transaction_error_rate_rule_request"><code>create_apm_transaction_error_rate_rule_request</code> - Create APM transaction error rate rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that sends notifications when the rate of transaction errors in a service exceeds a threshold.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_apm_transaction_error_rate">params_property_apm_transaction_error_rate</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">apm.transaction_error_rate</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_es_query_rule_request"><code>create_es_query_rule_request</code> - Create Elasticsearch query rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that runs a user-configured query, compares the number of matches to a configured threshold, and schedules actions to run when the threshold condition is met.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_es_query_rule">params_es_query_rule</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">.es-query</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_geo_containment_rule_request"><code>create_geo_containment_rule_request</code> - Create traacking containment rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that runs an Elasticsearch query over indices to determine whether any documents are currently contained within any boundaries from the specified boundary index. In the event that an entity is contained within a boundary, an alert may be generated.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for an tracking containment rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">.geo-containment</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_index_threshold_rule_request"><code>create_index_threshold_rule_request</code> - Create index threshold rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that runs an Elasticsearch query, aggregates field values from documents, compares them to threshold values, and schedules actions to run when the thresholds are met.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_index_threshold_rule">params_index_threshold_rule</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">.index-threshold</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_infra_inventory_rule_request"><code>create_infra_inventory_rule_request</code> - Create infra inventory rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that sends notifications when a metric has reached or exceeded a value for a specific resource or a group of resources within your infrastructure.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_infra_inventory">params_property_infra_inventory</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">metrics.alert.inventory.threshold</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_infra_metric_anomaly_rule_request"><code>create_infra_metric_anomaly_rule_request</code> - Create infrastructure anomaly rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for an infrastructure anomaly rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">metrics.alert.anomaly</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_infra_metric_threshold_rule_request"><code>create_infra_metric_threshold_rule_request</code> - Create infra metric threshold rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that sends notifications when a metric has reached or exceeded a value for a specific time period.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_infra_metric_threshold">params_property_infra_metric_threshold</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">metrics.alert.threshold</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_log_threshold_rule_request"><code>create_log_threshold_rule_request</code> - Create log threshold rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when a log aggregation exceeds a threshold.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_log_threshold">params_property_log_threshold</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">logs.alert.document.count</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_ccr_exceptions_rule_request"><code>create_monitoring_ccr_exceptions_rule_request</code> - Create CCR read exceptions rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects cross-cluster replication (CCR) read exceptions.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a CCR read exceptions rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_ccr_read_exceptions</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_cluster_health_rule_request"><code>create_monitoring_cluster_health_rule_request</code> - Create cluster health rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the health of the cluster changes.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a cluster health rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_cluster_health</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_cpu_usage_rule_request"><code>create_monitoring_cpu_usage_rule_request</code> - Create CPU usage rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the CPU load for a node is consistently high.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a CPU usage rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_cpu_usage</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_disk_usage_rule_request"><code>create_monitoring_disk_usage_rule_request</code> - Create disk usage rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the disk usage for a node is consistently high.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a disk usage rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_disk_usage</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_elasticsearch_version_mismatch_rule_request"><code>create_monitoring_elasticsearch_version_mismatch_rule_request</code> - Create Elasticsearch version mismatch rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the cluster has multipe versions of Elasticsearch.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a Elasticsearch version mismatch rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_elasticsearch_version_mismatch</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_jvm_memory_usage_rule_request"><code>create_monitoring_jvm_memory_usage_rule_request</code> - Create JVM memory usage rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when a node reports high memory usage.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a JVM memory usage rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_jvm_memory_usage</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_kibana_version_mismatch_rule_request"><code>create_monitoring_kibana_version_mismatch_rule_request</code> - Create Kibana version mismatch rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the cluster has multiple versions of Kibana.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a Kibana version mismatch rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_kibana_version_mismatch</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_license_expiration_rule_request"><code>create_monitoring_license_expiration_rule_request</code> - Create license expiration rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the cluster license is about to expire.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a license expiration rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_license_expiration</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_logstash_version_mismatch_rule_request"><code>create_monitoring_logstash_version_mismatch_rule_request</code> - Create Logstash version mismatch rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the cluster has multiple versions of Logstash.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a Logstash version mismatch rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_logstash_version_mismatch</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_missing_data_rule_request"><code>create_monitoring_missing_data_rule_request</code> - Create missing monitoring data rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when monitoring data is missing.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a missing monitoring data rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_missing_monitoring_data</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_nodes_changed_rule_request"><code>create_monitoring_nodes_changed_rule_request</code> - Create nodes changed rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when nodes are added, removed, or restarted.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a nodes changed rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_nodes_changed</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_shard_size_rule_request"><code>create_monitoring_shard_size_rule_request</code> - Create shard size rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the average shard size is larger than a threshold.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a shard size rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_shard_size</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_thread_pool_search_rejections_rule_request"><code>create_monitoring_thread_pool_search_rejections_rule_request</code> - Create thread pool search rejections rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the number of rejections in the thread pool exceeds a threshold.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a thread pool search rejections rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_thread_pool_search_rejections</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_monitoring_thread_pool_write_rejections_rule_request"><code>create_monitoring_thread_pool_write_rejections_rule_request</code> - Create thread pool write rejections rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the number of rejections in the write thread pool exceeds a threshold.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a thread pool write rejections rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">monitoring_alert_thread_pool_write_rejections</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_rule_request"><code>create_rule_request</code> - Create rule request body properties</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The properties vary depending on the rule type.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_synthetics_monitor_status">params_property_synthetics_monitor_status</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">xpack.uptime.alerts.monitorStatus</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_siem_eql_rule_request"><code>create_siem_eql_rule_request</code> - Create event correlation rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that uses Event Query Language (EQL) to match events, generate sequences, and stack data.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for an event correlation rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">siem.eqlRule</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_siem_indicator_rule_request"><code>create_siem_indicator_rule_request</code> - Create indicator match rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that uses indicators from intelligence sources to detect matching events and alerts.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for an indicator match rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">siem.indicatorRule</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_siem_ml_rule_request"><code>create_siem_ml_rule_request</code> - Create machine learning rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when a machine learning job discovers an anomaly above the defined threshold.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a machine learning rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">siem.mlRule</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_siem_new_terms_rule_request"><code>create_siem_new_terms_rule_request</code> - Create new terms rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that finds documents with values that appear for the first time.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a new terms rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">siem.newTermsRule</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_siem_notifications_rule_request"><code>create_siem_notifications_rule_request</code> - Create security solution notification (legacy) rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a notification rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">siem.notifications</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_siem_query_rule_request"><code>create_siem_query_rule_request</code> - Create custom query rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that uses KQL or Lucene to detect issues across indices.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a custom query rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">siem.queryRule</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_siem_saved_query_rule_request"><code>create_siem_saved_query_rule_request</code> - Create saved query rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that searches the defined indices and creates an alert when a document matches the saved search.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a saved query rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">siem.savedQueryRule</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_siem_threshold_rule_request"><code>create_siem_threshold_rule_request</code> - Create threshold rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that aggregates query results to detect when the number of matches exceeds a threshold.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a threshold rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">siem.thresholdRule</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_slo_burn_rate_rule_request"><code>create_slo_burn_rate_rule_request</code> - Create slo burn rate rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when the burn rate is above a defined threshold for two different lookback periods. The two periods are a long period and a short period that is 1/12th of the long period. For each lookback period, the burn rate is computed as the error rate divided by the error budget. When the burn rates for both periods surpass the threshold, an alert occurs.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_slo_burn_rate">params_property_slo_burn_rate</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">slo.rules.burnRate</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_synthetics_monitor_status_rule_request"><code>create_synthetics_monitor_status_rule_request</code> - Create synthetics monitor status rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when a monitor is down or an availability threshold is breached.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for the synthetics monitor status rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">xpack.synthetics.alerts.monitorStatus</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_synthetics_uptime_duration_anomaly_rule_request"><code>create_synthetics_uptime_duration_anomaly_rule_request</code> - Create synthetics uptime duration anomaly rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects response durations for all of the geographic locations of each monitor. When a monitor runs for an unusual amount of time, at a particular time, an anomaly is recorded.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for the uptime duration anomaly rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">xpack.uptime.alerts.durationAnomaly</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_synthetics_uptime_tls_certificate_rule_request"><code>create_synthetics_uptime_tls_certificate_rule_request</code> - Create TLS certificate rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects when a monitor has a TLS certificate expiring or when it exceeds an age limit.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a TLS certificate rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">xpack.uptime.alerts.tlsCertificate</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_synthetics_uptime_tls_rule_request"><code>create_synthetics_uptime_tls_rule_request</code> - Create synthetics uptime TLS rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_synthetics_uptime_tls">params_property_synthetics_uptime_tls</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">xpack.uptime.alerts.tls</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_transform_health_rule_request"><code>create_transform_health_rule_request</code> - Create transform health rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that monitors transforms health and alerts if an operational issue occurred.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for a transform health rule. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">transform_health</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="create_uptime_monitor_status_rule_request"><code>create_uptime_monitor_status_rule_request</code> - Create uptime monitor status rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A rule that detects monitor errors and outages.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the application or feature that owns the rule. For example: <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">enabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether you want to run the rule on an interval basis after it is created. </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#params_property_synthetics_monitor_status">params_property_synthetics_monitor_status</a></span> </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The ID of the rule type that you want to call when the rule is scheduled to run. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">xpack.uptime.alerts.monitorStatus</div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="custom_criterion"><code>custom_criterion</code> - custom criterion</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">threshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">array[BigDecimal]</a></span> </div>
|
|
<div class="param">comparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum"><</div><div class="param-enum"><=</div><div class="param-enum">></div><div class="param-enum">>=</div><div class="param-enum">between</div><div class="param-enum">outside</div>
|
|
<div class="param">timeUnit (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">timeSize (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">warningThreshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">array[BigDecimal]</a></span> </div>
|
|
<div class="param">warningComparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum"><</div><div class="param-enum"><=</div><div class="param-enum">></div><div class="param-enum">>=</div><div class="param-enum">between</div><div class="param-enum">outside</div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">custom</div>
|
|
<div class="param">customMetric (optional)</div><div class="param-desc"><span class="param-type"><a href="#custom_criterion_customMetric_inner">array[custom_criterion_customMetric_inner]</a></span> </div>
|
|
<div class="param">equation (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">label (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="custom_criterion_customMetric_inner"><code>custom_criterion_customMetric_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">count</div>
|
|
<div class="param">field (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">filter (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="custom_criterion_customMetric_inner_oneOf"><code>custom_criterion_customMetric_inner_oneOf</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">avg</div><div class="param-enum">sum</div><div class="param-enum">max</div><div class="param-enum">min</div><div class="param-enum">cardinality</div>
|
|
<div class="param">field (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="custom_criterion_customMetric_inner_oneOf_1"><code>custom_criterion_customMetric_inner_oneOf_1</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">count</div>
|
|
<div class="param">filter (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="filter"><code>filter</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the <code>kbn-es-query</code> package.</div>
|
|
<div class="field-items">
|
|
<div class="param">meta (optional)</div><div class="param-desc"><span class="param-type"><a href="#filter_meta">filter_meta</a></span> </div>
|
|
<div class="param">query (optional)</div><div class="param-desc"><span class="param-type"><a href="#">Object</a></span> </div>
|
|
<div class="param">Dollarstate (optional)</div><div class="param-desc"><span class="param-type"><a href="#">Object</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="filter_meta"><code>filter_meta</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">alias (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">controlledBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">disabled (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
<div class="param">field (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">group (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">index (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">isMultiIndex (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
<div class="param">key (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">negate (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
<div class="param">params (optional)</div><div class="param-desc"><span class="param-type"><a href="#">Object</a></span> </div>
|
|
<div class="param">type (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">value (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="findRules_200_response"><code>findRules_200_response</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">data (optional)</div><div class="param-desc"><span class="param-type"><a href="#rule_response_properties">array[rule_response_properties]</a></span> </div>
|
|
<div class="param">page (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param">per_page (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param">total (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="findRules_has_reference_parameter"><code>findRules_has_reference_parameter</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">type (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="findRules_search_fields_parameter"><code>findRules_search_fields_parameter</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getAlertingHealth_200_response"><code>getAlertingHealth_200_response</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">alerting_framework_health (optional)</div><div class="param-desc"><span class="param-type"><a href="#getAlertingHealth_200_response_alerting_framework_health">getAlertingHealth_200_response_alerting_framework_health</a></span> </div>
|
|
<div class="param">has_permanent_encryption_key (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> If <code>false</code>, the encrypted saved object plugin does not have a permanent encryption key. </div>
|
|
<div class="param">is_sufficiently_secure (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> If <code>false</code>, security is enabled but TLS is not. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getAlertingHealth_200_response_alerting_framework_health"><code>getAlertingHealth_200_response_alerting_framework_health</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>Three substates identify the health of the alerting framework: <code>decryption_health</code>, <code>execution_health</code>, and <code>read_health</code>.</div>
|
|
<div class="field-items">
|
|
<div class="param">decryption_health (optional)</div><div class="param-desc"><span class="param-type"><a href="#getAlertingHealth_200_response_alerting_framework_health_decryption_health">getAlertingHealth_200_response_alerting_framework_health_decryption_health</a></span> </div>
|
|
<div class="param">execution_health (optional)</div><div class="param-desc"><span class="param-type"><a href="#getAlertingHealth_200_response_alerting_framework_health_execution_health">getAlertingHealth_200_response_alerting_framework_health_execution_health</a></span> </div>
|
|
<div class="param">read_health (optional)</div><div class="param-desc"><span class="param-type"><a href="#getAlertingHealth_200_response_alerting_framework_health_read_health">getAlertingHealth_200_response_alerting_framework_health_read_health</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getAlertingHealth_200_response_alerting_framework_health_decryption_health"><code>getAlertingHealth_200_response_alerting_framework_health_decryption_health</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The timestamp and status of the rule decryption.</div>
|
|
<div class="field-items">
|
|
<div class="param">status (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">error</div><div class="param-enum">ok</div><div class="param-enum">warn</div>
|
|
<div class="param">timestamp (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getAlertingHealth_200_response_alerting_framework_health_execution_health"><code>getAlertingHealth_200_response_alerting_framework_health_execution_health</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The timestamp and status of the rule run.</div>
|
|
<div class="field-items">
|
|
<div class="param">status (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">error</div><div class="param-enum">ok</div><div class="param-enum">warn</div>
|
|
<div class="param">timestamp (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getAlertingHealth_200_response_alerting_framework_health_read_health"><code>getAlertingHealth_200_response_alerting_framework_health_read_health</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The timestamp and status of the rule reading events.</div>
|
|
<div class="field-items">
|
|
<div class="param">status (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">error</div><div class="param-enum">ok</div><div class="param-enum">warn</div>
|
|
<div class="param">timestamp (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getRuleTypes_200_response_inner"><code>getRuleTypes_200_response_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">action_groups (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_action_groups_inner">array[getRuleTypes_200_response_inner_action_groups_inner]</a></span> An explicit list of groups for which the rule type can schedule actions, each with the action group's unique ID and human readable name. Rule actions validation uses this configuration to ensure that groups are valid. </div>
|
|
<div class="param">action_variables (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_action_variables">getRuleTypes_200_response_inner_action_variables</a></span> </div>
|
|
<div class="param">authorized_consumers (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers">getRuleTypes_200_response_inner_authorized_consumers</a></span> </div>
|
|
<div class="param">default_action_group_id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The default identifier for the rule type group. </div>
|
|
<div class="param">does_set_recovery_context (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the rule passes context variables to its recovery action. </div>
|
|
<div class="param">enabled_in_license (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the rule type is enabled or disabled based on the subscription. </div>
|
|
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The unique identifier for the rule type. </div>
|
|
<div class="param">is_exportable (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the rule type is exportable in <strong>Stack Management > Saved Objects</strong>. </div>
|
|
<div class="param">minimum_license_required (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The subscriptions required to use the rule type. </div>
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The descriptive name of the rule type. </div>
|
|
<div class="param">producer (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> An identifier for the application that produces this rule type. </div>
|
|
<div class="param">recovery_action_group (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_recovery_action_group">getRuleTypes_200_response_inner_recovery_action_group</a></span> </div>
|
|
<div class="param">rule_task_timeout (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getRuleTypes_200_response_inner_action_groups_inner"><code>getRuleTypes_200_response_inner_action_groups_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getRuleTypes_200_response_inner_action_variables"><code>getRuleTypes_200_response_inner_action_variables</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors.</div>
|
|
<div class="field-items">
|
|
<div class="param">context (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_action_variables_context_inner">array[getRuleTypes_200_response_inner_action_variables_context_inner]</a></span> </div>
|
|
<div class="param">params (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_action_variables_params_inner">array[getRuleTypes_200_response_inner_action_variables_params_inner]</a></span> </div>
|
|
<div class="param">state (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_action_variables_params_inner">array[getRuleTypes_200_response_inner_action_variables_params_inner]</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getRuleTypes_200_response_inner_action_variables_context_inner"><code>getRuleTypes_200_response_inner_action_variables_context_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">description (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">useWithTripleBracesInTemplates (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getRuleTypes_200_response_inner_action_variables_params_inner"><code>getRuleTypes_200_response_inner_action_variables_params_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">description (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getRuleTypes_200_response_inner_authorized_consumers"><code>getRuleTypes_200_response_inner_authorized_consumers</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The list of the plugins IDs that have access to the rule type.</div>
|
|
<div class="field-items">
|
|
<div class="param">alerts (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts">getRuleTypes_200_response_inner_authorized_consumers_alerts</a></span> </div>
|
|
<div class="param">apm (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts">getRuleTypes_200_response_inner_authorized_consumers_alerts</a></span> </div>
|
|
<div class="param">discover (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts">getRuleTypes_200_response_inner_authorized_consumers_alerts</a></span> </div>
|
|
<div class="param">infrastructure (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts">getRuleTypes_200_response_inner_authorized_consumers_alerts</a></span> </div>
|
|
<div class="param">logs (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts">getRuleTypes_200_response_inner_authorized_consumers_alerts</a></span> </div>
|
|
<div class="param">ml (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts">getRuleTypes_200_response_inner_authorized_consumers_alerts</a></span> </div>
|
|
<div class="param">monitoring (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts">getRuleTypes_200_response_inner_authorized_consumers_alerts</a></span> </div>
|
|
<div class="param">siem (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts">getRuleTypes_200_response_inner_authorized_consumers_alerts</a></span> </div>
|
|
<div class="param">stackAlerts (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts">getRuleTypes_200_response_inner_authorized_consumers_alerts</a></span> </div>
|
|
<div class="param">uptime (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_authorized_consumers_alerts">getRuleTypes_200_response_inner_authorized_consumers_alerts</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getRuleTypes_200_response_inner_authorized_consumers_alerts"><code>getRuleTypes_200_response_inner_authorized_consumers_alerts</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">all (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
<div class="param">read (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="getRuleTypes_200_response_inner_recovery_action_group"><code>getRuleTypes_200_response_inner_recovery_action_group</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>An action group to use when an alert goes from an active state to an inactive one.</div>
|
|
<div class="field-items">
|
|
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="groupby"><code>groupby</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>Indicates whether the aggregation is applied over all documents (<code>all</code>) or split into groups (<code>top</code>) using a grouping field (<code>termField</code>). If grouping is used, an alert will be created for each group when it exceeds the threshold; only the top groups (up to <code>termSize</code> number of groups) are checked.</div>
|
|
<div class="field-items">
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="legacyFindAlerts_200_response"><code>legacyFindAlerts_200_response</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">data (optional)</div><div class="param-desc"><span class="param-type"><a href="#alert_response_properties">array[alert_response_properties]</a></span> </div>
|
|
<div class="param">page (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param">perPage (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param">total (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="legacyGetAlertTypes_200_response_inner"><code>legacyGetAlertTypes_200_response_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">actionGroups (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_action_groups_inner">array[getRuleTypes_200_response_inner_action_groups_inner]</a></span> An explicit list of groups for which the alert type can schedule actions, each with the action group's unique ID and human readable name. Alert actions validation uses this configuration to ensure that groups are valid. </div>
|
|
<div class="param">actionVariables (optional)</div><div class="param-desc"><span class="param-type"><a href="#legacyGetAlertTypes_200_response_inner_actionVariables">legacyGetAlertTypes_200_response_inner_actionVariables</a></span> </div>
|
|
<div class="param">authorizedConsumers (optional)</div><div class="param-desc"><span class="param-type"><a href="#">Object</a></span> The list of the plugins IDs that have access to the alert type. </div>
|
|
<div class="param">defaultActionGroupId (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The default identifier for the alert type group. </div>
|
|
<div class="param">enabledInLicense (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the rule type is enabled based on the subscription. </div>
|
|
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The unique identifier for the alert type. </div>
|
|
<div class="param">isExportable (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the alert type is exportable in Saved Objects Management UI. </div>
|
|
<div class="param">minimumLicenseRequired (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The subscriptions required to use the alert type. </div>
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The descriptive name of the alert type. </div>
|
|
<div class="param">producer (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> An identifier for the application that produces this alert type. </div>
|
|
<div class="param">recoveryActionGroup (optional)</div><div class="param-desc"><span class="param-type"><a href="#legacyGetAlertTypes_200_response_inner_recoveryActionGroup">legacyGetAlertTypes_200_response_inner_recoveryActionGroup</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="legacyGetAlertTypes_200_response_inner_actionVariables"><code>legacyGetAlertTypes_200_response_inner_actionVariables</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>A list of action variables that the alert type makes available via context and state in action parameter templates, and a short human readable description. The Alert UI will use this information to prompt users for these variables in action parameter editors.</div>
|
|
<div class="field-items">
|
|
<div class="param">context (optional)</div><div class="param-desc"><span class="param-type"><a href="#legacyGetAlertTypes_200_response_inner_actionVariables_context_inner">array[legacyGetAlertTypes_200_response_inner_actionVariables_context_inner]</a></span> </div>
|
|
<div class="param">params (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_action_variables_params_inner">array[getRuleTypes_200_response_inner_action_variables_params_inner]</a></span> </div>
|
|
<div class="param">state (optional)</div><div class="param-desc"><span class="param-type"><a href="#getRuleTypes_200_response_inner_action_variables_params_inner">array[getRuleTypes_200_response_inner_action_variables_params_inner]</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="legacyGetAlertTypes_200_response_inner_actionVariables_context_inner"><code>legacyGetAlertTypes_200_response_inner_actionVariables_context_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">description (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="legacyGetAlertTypes_200_response_inner_recoveryActionGroup"><code>legacyGetAlertTypes_200_response_inner_recoveryActionGroup</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>An action group to use when an alert instance goes from an active state to an inactive one. If it is not specified, the default recovered action group is used.</div>
|
|
<div class="field-items">
|
|
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">name (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="legacyGetAlertingHealth_200_response"><code>legacyGetAlertingHealth_200_response</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">alertingFrameworkHealth (optional)</div><div class="param-desc"><span class="param-type"><a href="#legacyGetAlertingHealth_200_response_alertingFrameworkHealth">legacyGetAlertingHealth_200_response_alertingFrameworkHealth</a></span> </div>
|
|
<div class="param">hasPermanentEncryptionKey (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> If <code>false</code>, the encrypted saved object plugin does not have a permanent encryption key. </div>
|
|
<div class="param">isSufficientlySecure (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> If <code>false</code>, security is enabled but TLS is not. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="legacyGetAlertingHealth_200_response_alertingFrameworkHealth"><code>legacyGetAlertingHealth_200_response_alertingFrameworkHealth</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>Three substates identify the health of the alerting framework: <code>decryptionHealth</code>, <code>executionHealth</code>, and <code>readHealth</code>.</div>
|
|
<div class="field-items">
|
|
<div class="param">decryptionHealth (optional)</div><div class="param-desc"><span class="param-type"><a href="#legacyGetAlertingHealth_200_response_alertingFrameworkHealth_decryptionHealth">legacyGetAlertingHealth_200_response_alertingFrameworkHealth_decryptionHealth</a></span> </div>
|
|
<div class="param">executionHealth (optional)</div><div class="param-desc"><span class="param-type"><a href="#legacyGetAlertingHealth_200_response_alertingFrameworkHealth_executionHealth">legacyGetAlertingHealth_200_response_alertingFrameworkHealth_executionHealth</a></span> </div>
|
|
<div class="param">readHealth (optional)</div><div class="param-desc"><span class="param-type"><a href="#legacyGetAlertingHealth_200_response_alertingFrameworkHealth_readHealth">legacyGetAlertingHealth_200_response_alertingFrameworkHealth_readHealth</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="legacyGetAlertingHealth_200_response_alertingFrameworkHealth_decryptionHealth"><code>legacyGetAlertingHealth_200_response_alertingFrameworkHealth_decryptionHealth</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The timestamp and status of the alert decryption.</div>
|
|
<div class="field-items">
|
|
<div class="param">status (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">error</div><div class="param-enum">ok</div><div class="param-enum">warn</div>
|
|
<div class="param">timestamp (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="legacyGetAlertingHealth_200_response_alertingFrameworkHealth_executionHealth"><code>legacyGetAlertingHealth_200_response_alertingFrameworkHealth_executionHealth</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The timestamp and status of the alert execution.</div>
|
|
<div class="field-items">
|
|
<div class="param">status (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">error</div><div class="param-enum">ok</div><div class="param-enum">warn</div>
|
|
<div class="param">timestamp (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="legacyGetAlertingHealth_200_response_alertingFrameworkHealth_readHealth"><code>legacyGetAlertingHealth_200_response_alertingFrameworkHealth_readHealth</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The timestamp and status of the alert reading events.</div>
|
|
<div class="field-items">
|
|
<div class="param">status (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">error</div><div class="param-enum">ok</div><div class="param-enum">warn</div>
|
|
<div class="param">timestamp (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="non_count_criterion"><code>non_count_criterion</code> - non count criterion</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">threshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">array[BigDecimal]</a></span> </div>
|
|
<div class="param">comparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum"><</div><div class="param-enum"><=</div><div class="param-enum">></div><div class="param-enum">>=</div><div class="param-enum">between</div><div class="param-enum">outside</div>
|
|
<div class="param">timeUnit (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">timeSize (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">warningThreshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">array[BigDecimal]</a></span> </div>
|
|
<div class="param">warningComparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum"><</div><div class="param-enum"><=</div><div class="param-enum">></div><div class="param-enum">>=</div><div class="param-enum">between</div><div class="param-enum">outside</div>
|
|
<div class="param">metric (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">avg</div><div class="param-enum">max</div><div class="param-enum">min</div><div class="param-enum">cardinality</div><div class="param-enum">rate</div><div class="param-enum">count</div><div class="param-enum">sum</div><div class="param-enum">p95</div><div class="param-enum">p99</div><div class="param-enum">custom</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="notify_when"><code>notify_when</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>Indicates how often alerts generate actions. Valid values include: <code>onActionGroupChange</code>: Actions run when the alert status changes; <code>onActiveAlert</code>: Actions run when the alert becomes active and at each check interval while the rule conditions are met; <code>onThrottleInterval</code>: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify <code>notify_when</code> at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.</div>
|
|
<div class="field-items">
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_es_query_rule"><code>params_es_query_rule</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">aggField (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the numeric field that is used in the aggregation. This property is required when <code>aggType</code> is <code>avg</code>, <code>max</code>, <code>min</code> or <code>sum</code>. </div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#aggtype">aggtype</a></span> </div>
|
|
<div class="param">excludeHitsFromPreviousRun (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether to exclude matches from previous runs. If <code>true</code>, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified. </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#groupby">groupby</a></span> </div>
|
|
<div class="param">searchConfiguration (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_es_query_rule_oneOf_searchConfiguration">params_es_query_rule_oneOf_searchConfiguration</a></span> </div>
|
|
<div class="param">searchType </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The type of query, in this case a query that uses Elasticsearch Query DSL. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">esQuery</div>
|
|
<div class="param">size </div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> The number of documents to pass to the configured actions when the threshold condition is met. </div>
|
|
<div class="param">termField (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> This property is required when <code>groupBy</code> is <code>top</code>. The name of the field that is used for grouping the aggregation. </div>
|
|
<div class="param">termSize (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> This property is required when <code>groupBy</code> is <code>top</code>. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields. </div>
|
|
<div class="param">threshold </div><div class="param-desc"><span class="param-type"><a href="#integer">array[Integer]</a></span> The threshold value that is used with the <code>thresholdComparator</code>. If the <code>thresholdComparator</code> is <code>between</code> or <code>notBetween</code>, you must specify the boundary values. </div>
|
|
<div class="param">thresholdComparator </div><div class="param-desc"><span class="param-type"><a href="#thresholdcomparator">thresholdcomparator</a></span> </div>
|
|
<div class="param">timeField </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The field that is used to calculate the time window. </div>
|
|
<div class="param">timeWindowSize </div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> The size of the time window (in <code>timeWindowUnit</code> units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. </div>
|
|
<div class="param">timeWindowUnit </div><div class="param-desc"><span class="param-type"><a href="#timewindowunit">timewindowunit</a></span> </div>
|
|
<div class="param">esQuery </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The query definition, which uses Elasticsearch Query DSL. </div>
|
|
<div class="param">index </div><div class="param-desc"><span class="param-type"><a href="#oneOf<array,string>">oneOf<array,string></a></span> The indices to query. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_es_query_rule_oneOf"><code>params_es_query_rule_oneOf</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The parameters for an Elasticsearch query rule that uses KQL or Lucene to define the query.</div>
|
|
<div class="field-items">
|
|
<div class="param">aggField (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the numeric field that is used in the aggregation. This property is required when <code>aggType</code> is <code>avg</code>, <code>max</code>, <code>min</code> or <code>sum</code>. </div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#aggtype">aggtype</a></span> </div>
|
|
<div class="param">excludeHitsFromPreviousRun (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether to exclude matches from previous runs. If <code>true</code>, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified. </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#groupby">groupby</a></span> </div>
|
|
<div class="param">searchConfiguration (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_es_query_rule_oneOf_searchConfiguration">params_es_query_rule_oneOf_searchConfiguration</a></span> </div>
|
|
<div class="param">searchType </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The type of query, in this case a text-based query that uses KQL or Lucene. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">searchSource</div>
|
|
<div class="param">size </div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> The number of documents to pass to the configured actions when the threshold condition is met. </div>
|
|
<div class="param">termField (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> This property is required when <code>groupBy</code> is <code>top</code>. The name of the field that is used for grouping the aggregation. </div>
|
|
<div class="param">termSize (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> This property is required when <code>groupBy</code> is <code>top</code>. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields. </div>
|
|
<div class="param">threshold </div><div class="param-desc"><span class="param-type"><a href="#integer">array[Integer]</a></span> The threshold value that is used with the <code>thresholdComparator</code>. If the <code>thresholdComparator</code> is <code>between</code> or <code>notBetween</code>, you must specify the boundary values. </div>
|
|
<div class="param">thresholdComparator </div><div class="param-desc"><span class="param-type"><a href="#thresholdcomparator">thresholdcomparator</a></span> </div>
|
|
<div class="param">timeField (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The field that is used to calculate the time window. </div>
|
|
<div class="param">timeWindowSize </div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> The size of the time window (in <code>timeWindowUnit</code> units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. </div>
|
|
<div class="param">timeWindowUnit </div><div class="param-desc"><span class="param-type"><a href="#timewindowunit">timewindowunit</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_es_query_rule_oneOf_1"><code>params_es_query_rule_oneOf_1</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The parameters for an Elasticsearch query rule that uses Elasticsearch Query DSL to define the query.</div>
|
|
<div class="field-items">
|
|
<div class="param">aggField (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the numeric field that is used in the aggregation. This property is required when <code>aggType</code> is <code>avg</code>, <code>max</code>, <code>min</code> or <code>sum</code>. </div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#aggtype">aggtype</a></span> </div>
|
|
<div class="param">esQuery </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The query definition, which uses Elasticsearch Query DSL. </div>
|
|
<div class="param">excludeHitsFromPreviousRun (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether to exclude matches from previous runs. If <code>true</code>, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified. </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#groupby">groupby</a></span> </div>
|
|
<div class="param">index </div><div class="param-desc"><span class="param-type"><a href="#oneOf<array,string>">oneOf<array,string></a></span> The indices to query. </div>
|
|
<div class="param">searchType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The type of query, in this case a query that uses Elasticsearch Query DSL. </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">esQuery</div>
|
|
<div class="param">size (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> The number of documents to pass to the configured actions when the threshold condition is met. </div>
|
|
<div class="param">termField (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> This property is required when <code>groupBy</code> is <code>top</code>. The name of the field that is used for grouping the aggregation. </div>
|
|
<div class="param">termSize (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> This property is required when <code>groupBy</code> is <code>top</code>. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields. </div>
|
|
<div class="param">threshold </div><div class="param-desc"><span class="param-type"><a href="#integer">array[Integer]</a></span> The threshold value that is used with the <code>thresholdComparator</code>. If the <code>thresholdComparator</code> is <code>between</code> or <code>notBetween</code>, you must specify the boundary values. </div>
|
|
<div class="param">thresholdComparator </div><div class="param-desc"><span class="param-type"><a href="#thresholdcomparator">thresholdcomparator</a></span> </div>
|
|
<div class="param">timeField </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The field that is used to calculate the time window. </div>
|
|
<div class="param">timeWindowSize </div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> The size of the time window (in <code>timeWindowUnit</code> units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. </div>
|
|
<div class="param">timeWindowUnit </div><div class="param-desc"><span class="param-type"><a href="#timewindowunit">timewindowunit</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_es_query_rule_oneOf_searchConfiguration"><code>params_es_query_rule_oneOf_searchConfiguration</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The query definition, which uses KQL or Lucene to fetch the documents from Elasticsearch.</div>
|
|
<div class="field-items">
|
|
<div class="param">filter (optional)</div><div class="param-desc"><span class="param-type"><a href="#filter">array[filter]</a></span> </div>
|
|
<div class="param">index (optional)</div><div class="param-desc"><span class="param-type"><a href="#oneOf<string,array>">oneOf<string,array></a></span> The indices to query. </div>
|
|
<div class="param">query (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_es_query_rule_oneOf_searchConfiguration_query">params_es_query_rule_oneOf_searchConfiguration_query</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_es_query_rule_oneOf_searchConfiguration_query"><code>params_es_query_rule_oneOf_searchConfiguration_query</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">language (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">query (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_index_threshold_rule"><code>params_index_threshold_rule</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The parameters for an index threshold rule.</div>
|
|
<div class="field-items">
|
|
<div class="param">aggField (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the numeric field that is used in the aggregation. This property is required when <code>aggType</code> is <code>avg</code>, <code>max</code>, <code>min</code> or <code>sum</code>. </div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#aggtype">aggtype</a></span> </div>
|
|
<div class="param">filterKuery (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> A KQL expression thats limits the scope of alerts. </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#groupby">groupby</a></span> </div>
|
|
<div class="param">index </div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The indices to query. </div>
|
|
<div class="param">termField (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> This property is required when <code>groupBy</code> is <code>top</code>. The name of the field that is used for grouping the aggregation. </div>
|
|
<div class="param">termSize (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> This property is required when <code>groupBy</code> is <code>top</code>. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields. </div>
|
|
<div class="param">threshold </div><div class="param-desc"><span class="param-type"><a href="#integer">array[Integer]</a></span> The threshold value that is used with the <code>thresholdComparator</code>. If the <code>thresholdComparator</code> is <code>between</code> or <code>notBetween</code>, you must specify the boundary values. </div>
|
|
<div class="param">thresholdComparator </div><div class="param-desc"><span class="param-type"><a href="#thresholdcomparator">thresholdcomparator</a></span> </div>
|
|
<div class="param">timeField </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The field that is used to calculate the time window. </div>
|
|
<div class="param">timeWindowSize </div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> The size of the time window (in <code>timeWindowUnit</code> units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. </div>
|
|
<div class="param">timeWindowUnit </div><div class="param-desc"><span class="param-type"><a href="#timewindowunit">timewindowunit</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_apm_anomaly"><code>params_property_apm_anomaly</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">serviceName (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The service name from APM </div>
|
|
<div class="param">transactionType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The transaction type from APM </div>
|
|
<div class="param">windowSize </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The window size </div>
|
|
<div class="param">windowUnit </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The window size unit </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">m</div><div class="param-enum">h</div><div class="param-enum">d</div>
|
|
<div class="param">environment </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The environment from APM </div>
|
|
<div class="param">anomalySeverityType </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The anomaly threshold value </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">critical</div><div class="param-enum">major</div><div class="param-enum">minor</div><div class="param-enum">warning</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_apm_error_count"><code>params_property_apm_error_count</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">serviceName (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The service name from APM </div>
|
|
<div class="param">windowSize </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The window size </div>
|
|
<div class="param">windowUnit </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The window size unit </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">m</div><div class="param-enum">h</div><div class="param-enum">d</div>
|
|
<div class="param">environment </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The environment from APM </div>
|
|
<div class="param">threshold </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The error count threshold value </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">set[String]</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
|
|
<div class="param">errorGroupingKey (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_apm_transaction_duration"><code>params_property_apm_transaction_duration</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">serviceName (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The service name from APM </div>
|
|
<div class="param">transactionType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The transaction type from APM </div>
|
|
<div class="param">transactionName (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The transaction name from APM </div>
|
|
<div class="param">windowSize </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The window size </div>
|
|
<div class="param">windowUnit </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> ç </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">m</div><div class="param-enum">h</div><div class="param-enum">d</div>
|
|
<div class="param">environment </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">threshold </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The latency threshold value </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">set[String]</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
|
|
<div class="param">aggregationType </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">avg</div><div class="param-enum">95th</div><div class="param-enum">99th</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_apm_transaction_error_rate"><code>params_property_apm_transaction_error_rate</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">serviceName (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The service name from APM </div>
|
|
<div class="param">transactionType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The transaction type from APM </div>
|
|
<div class="param">transactionName (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The transaction name from APM </div>
|
|
<div class="param">windowSize </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The window size </div>
|
|
<div class="param">windowUnit </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The window size unit </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">m</div><div class="param-enum">h</div><div class="param-enum">d</div>
|
|
<div class="param">environment </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The environment from APM </div>
|
|
<div class="param">threshold </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The error rate threshold value </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">set[String]</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_infra_inventory"><code>params_property_infra_inventory</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">criteria (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_property_infra_inventory_criteria_inner">array[params_property_infra_inventory_criteria_inner]</a></span> </div>
|
|
<div class="param">filterQuery (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">filterQueryText (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">nodeType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">host</div><div class="param-enum">pod</div><div class="param-enum">container</div><div class="param-enum">awsEC2</div><div class="param-enum">awsS3</div><div class="param-enum">awsSQS</div><div class="param-enum">awsRDS</div>
|
|
<div class="param">sourceId (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">alertOnNoData (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_infra_inventory_criteria_inner"><code>params_property_infra_inventory_criteria_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">metric (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">count</div><div class="param-enum">cpu</div><div class="param-enum">diskLatency</div><div class="param-enum">load</div><div class="param-enum">memory</div><div class="param-enum">memoryTotal</div><div class="param-enum">tx</div><div class="param-enum">rx</div><div class="param-enum">logRate</div><div class="param-enum">diskIOReadBytes</div><div class="param-enum">diskIOWriteBytes</div><div class="param-enum">s3TotalRequests</div><div class="param-enum">s3NumberOfObjects</div><div class="param-enum">s3BucketSize</div><div class="param-enum">s3DownloadBytes</div><div class="param-enum">s3UploadBytes</div><div class="param-enum">rdsConnections</div><div class="param-enum">rdsQueriesExecuted</div><div class="param-enum">rdsActiveTransactions</div><div class="param-enum">rdsLatency</div><div class="param-enum">sqsMessagesVisible</div><div class="param-enum">sqsMessagesDelayed</div><div class="param-enum">sqsMessagesSent</div><div class="param-enum">sqsMessagesEmpty</div><div class="param-enum">sqsOldestMessage</div><div class="param-enum">custom</div>
|
|
<div class="param">timeSize (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">timeUnit (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">s</div><div class="param-enum">m</div><div class="param-enum">h</div><div class="param-enum">d</div>
|
|
<div class="param">sourceId (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">threshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">array[BigDecimal]</a></span> </div>
|
|
<div class="param">comparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum"><</div><div class="param-enum"><=</div><div class="param-enum">></div><div class="param-enum">>=</div><div class="param-enum">between</div><div class="param-enum">outside</div>
|
|
<div class="param">customMetric (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_property_infra_inventory_criteria_inner_customMetric">params_property_infra_inventory_criteria_inner_customMetric</a></span> </div>
|
|
<div class="param">warningThreshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">array[BigDecimal]</a></span> </div>
|
|
<div class="param">warningComparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum"><</div><div class="param-enum"><=</div><div class="param-enum">></div><div class="param-enum">>=</div><div class="param-enum">between</div><div class="param-enum">outside</div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_infra_inventory_criteria_inner_customMetric"><code>params_property_infra_inventory_criteria_inner_customMetric</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">type (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">custom</div>
|
|
<div class="param">field (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">aggregation (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">avg</div><div class="param-enum">max</div><div class="param-enum">min</div><div class="param-enum">rate</div>
|
|
<div class="param">id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">label (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_infra_metric_threshold"><code>params_property_infra_metric_threshold</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">criteria (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_property_infra_metric_threshold_criteria_inner">array[params_property_infra_metric_threshold_criteria_inner]</a></span> </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#findRules_search_fields_parameter">findRules_search_fields_parameter</a></span> </div>
|
|
<div class="param">filterQuery (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">sourceId (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">alertOnNoData (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
<div class="param">alertOnGroupDisappear (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_infra_metric_threshold_criteria_inner"><code>params_property_infra_metric_threshold_criteria_inner</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">threshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">array[BigDecimal]</a></span> </div>
|
|
<div class="param">comparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum"><</div><div class="param-enum"><=</div><div class="param-enum">></div><div class="param-enum">>=</div><div class="param-enum">between</div><div class="param-enum">outside</div>
|
|
<div class="param">timeUnit (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">timeSize (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">warningThreshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">array[BigDecimal]</a></span> </div>
|
|
<div class="param">warningComparator (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum"><</div><div class="param-enum"><=</div><div class="param-enum">></div><div class="param-enum">>=</div><div class="param-enum">between</div><div class="param-enum">outside</div>
|
|
<div class="param">metric (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">aggType (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">custom</div>
|
|
<div class="param">customMetric (optional)</div><div class="param-desc"><span class="param-type"><a href="#custom_criterion_customMetric_inner">array[custom_criterion_customMetric_inner]</a></span> </div>
|
|
<div class="param">equation (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">label (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_log_threshold"><code>params_property_log_threshold</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">criteria (optional)</div><div class="param-desc"><span class="param-type"><a href="#array">array[array[Object]]</a></span> </div>
|
|
<div class="param">count </div><div class="param-desc"><span class="param-type"><a href="#Count_count">Count_count</a></span> </div>
|
|
<div class="param">timeSize </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">timeUnit </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param-enum-header">Enum:</div>
|
|
<div class="param-enum">s</div><div class="param-enum">m</div><div class="param-enum">h</div><div class="param-enum">d</div>
|
|
<div class="param">logView </div><div class="param-desc"><span class="param-type"><a href="#Count_logView">Count_logView</a></span> </div>
|
|
<div class="param">groupBy (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_slo_burn_rate"><code>params_property_slo_burn_rate</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">sloId (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The SLO identifier used by the rule </div>
|
|
<div class="param">burnRateThreshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The burn rate threshold used to trigger the alert </div>
|
|
<div class="param">maxBurnRateThreshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The maximum burn rate threshold value defined by the SLO error budget </div>
|
|
<div class="param">longWindow (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_property_slo_burn_rate_longWindow">params_property_slo_burn_rate_longWindow</a></span> </div>
|
|
<div class="param">shortWindow (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_property_slo_burn_rate_shortWindow">params_property_slo_burn_rate_shortWindow</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_slo_burn_rate_longWindow"><code>params_property_slo_burn_rate_longWindow</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The duration of the long window used to compute the burn rate</div>
|
|
<div class="field-items">
|
|
<div class="param">value (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The duration value </div>
|
|
<div class="param">unit (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The duration unit </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_slo_burn_rate_shortWindow"><code>params_property_slo_burn_rate_shortWindow</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The duration of the short window used to compute the burn rate</div>
|
|
<div class="field-items">
|
|
<div class="param">value (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> The duration value </div>
|
|
<div class="param">unit (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The duration unit </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_synthetics_monitor_status"><code>params_property_synthetics_monitor_status</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">availability (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_property_synthetics_monitor_status_availability">params_property_synthetics_monitor_status_availability</a></span> </div>
|
|
<div class="param">filters (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_property_synthetics_monitor_status_filters">params_property_synthetics_monitor_status_filters</a></span> </div>
|
|
<div class="param">locations (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">numTimes </div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">search (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">shouldCheckStatus </div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
<div class="param">shouldCheckAvailability </div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
<div class="param">timerangeCount (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">timerangeUnit (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">timerange (optional)</div><div class="param-desc"><span class="param-type"><a href="#params_property_synthetics_monitor_status_timerange">params_property_synthetics_monitor_status_timerange</a></span> </div>
|
|
<div class="param">version (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">isAutoGenerated (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_synthetics_monitor_status_availability"><code>params_property_synthetics_monitor_status_availability</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">range (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">rangeUnit (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">threshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_synthetics_monitor_status_filters"><code>params_property_synthetics_monitor_status_filters</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">monitorPeriodtype (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">observerPeriodgeoPeriodname (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">urlPeriodport (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_synthetics_monitor_status_filters_oneOf"><code>params_property_synthetics_monitor_status_filters_oneOf</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">monitorPeriodtype (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">observerPeriodgeoPeriodname (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">urlPeriodport (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_synthetics_monitor_status_timerange"><code>params_property_synthetics_monitor_status_timerange</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">from (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">to (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="params_property_synthetics_uptime_tls"><code>params_property_synthetics_uptime_tls</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">search (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">certExpirationThreshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
<div class="param">certAgeThreshold (optional)</div><div class="param-desc"><span class="param-type"><a href="#number">BigDecimal</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="rule_response_properties"><code>rule_response_properties</code> - Rule response properties</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">actions </div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">api_key_created_by_user (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the API key that is associated with the rule was created by the user. </div>
|
|
<div class="param">api_key_owner </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The owner of the API key that is associated with the rule and used to run background tasks. </div>
|
|
<div class="param">consumer </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The application or feature that owns the rule. For example, <code>alerts</code>, <code>apm</code>, <code>discover</code>, <code>infrastructure</code>, <code>logs</code>, <code>metrics</code>, <code>ml</code>, <code>monitoring</code>, <code>securitySolution</code>, <code>siem</code>, <code>stackAlerts</code>, or <code>uptime</code>. </div>
|
|
<div class="param">created_at </div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> The date and time that the rule was created. format: date-time</div>
|
|
<div class="param">created_by </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the user that created the rule. </div>
|
|
<div class="param">enabled </div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the rule is currently enabled. </div>
|
|
<div class="param">execution_status </div><div class="param-desc"><span class="param-type"><a href="#rule_response_properties_execution_status">rule_response_properties_execution_status</a></span> </div>
|
|
<div class="param">id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the rule. </div>
|
|
<div class="param">last_run (optional)</div><div class="param-desc"><span class="param-type"><a href="#rule_response_properties_last_run">rule_response_properties_last_run</a></span> </div>
|
|
<div class="param">muted_alert_ids </div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">mute_all </div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. </div>
|
|
<div class="param">next_run (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> Indicates how often alerts generate actions. </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for the rule. </div>
|
|
<div class="param">revision (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> The rule revision number. </div>
|
|
<div class="param">rule_type_id </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the type of rule. For example, <code>.es-query</code>, <code>.index-threshold</code>, <code>logs.alert.document.count</code>, <code>monitoring_alert_cluster_health</code>, <code>siem.thresholdRule</code>, or <code>xpack.ml.anomaly_detection_alert</code>. </div>
|
|
<div class="param">running (optional)</div><div class="param-desc"><span class="param-type"><a href="#boolean">Boolean</a></span> Indicates whether the rule is running. </div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">scheduled_task_id (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">tags </div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
<div class="param">updated_at </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The date and time that the rule was updated most recently. </div>
|
|
<div class="param">updated_by </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The identifier for the user that updated this rule most recently. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="rule_response_properties_execution_status"><code>rule_response_properties_execution_status</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">last_duration (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param">last_execution_date (optional)</div><div class="param-desc"><span class="param-type"><a href="#DateTime">Date</a></span> format: date-time</div>
|
|
<div class="param">status (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="rule_response_properties_last_run"><code>rule_response_properties_last_run</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">alerts_count (optional)</div><div class="param-desc"><span class="param-type"><a href="#rule_response_properties_last_run_alerts_count">rule_response_properties_last_run_alerts_count</a></span> </div>
|
|
<div class="param">outcome (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
<div class="param">outcome_msg (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> </div>
|
|
<div class="param">outcome_order (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param">warning (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="rule_response_properties_last_run_alerts_count"><code>rule_response_properties_last_run_alerts_count</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'></div>
|
|
<div class="field-items">
|
|
<div class="param">active (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param">ignored (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param">new (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
<div class="param">recovered (optional)</div><div class="param-desc"><span class="param-type"><a href="#integer">Integer</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="schedule"><code>schedule</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The check interval, which specifies how frequently the rule conditions are checked. The interval is specified in seconds, minutes, hours, or days.</div>
|
|
<div class="field-items">
|
|
<div class="param">interval (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="thresholdcomparator"><code>thresholdcomparator</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The comparison function for the threshold. For example, "is above", "is above or equals", "is below", "is below or equals", "is between", and "is not between".</div>
|
|
<div class="field-items">
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="timewindowunit"><code>timewindowunit</code> - </a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The type of units for the time window: seconds, minutes, hours, or days.</div>
|
|
<div class="field-items">
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
<div class="model">
|
|
<h3><a name="update_rule_request"><code>update_rule_request</code> - Update rule request</a> <a class="up" href="#__Models">Up</a></h3>
|
|
<div class='model-description'>The update rule API request body varies depending on the type of rule and actions.</div>
|
|
<div class="field-items">
|
|
<div class="param">actions (optional)</div><div class="param-desc"><span class="param-type"><a href="#actions_inner">array[actions_inner]</a></span> </div>
|
|
<div class="param">name </div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The name of the rule. </div>
|
|
<div class="param">notify_when (optional)</div><div class="param-desc"><span class="param-type"><a href="#notify_when">notify_when</a></span> </div>
|
|
<div class="param">params </div><div class="param-desc"><span class="param-type"><a href="#AnyType">map[String, oas_any_type_not_mapped]</a></span> The parameters for the rule. </div>
|
|
<div class="param">schedule </div><div class="param-desc"><span class="param-type"><a href="#schedule">schedule</a></span> </div>
|
|
<div class="param">tags (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">array[String]</a></span> The tags for the rule. </div>
|
|
<div class="param">throttle (optional)</div><div class="param-desc"><span class="param-type"><a href="#string">String</a></span> The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if <code>notify_when</code> is set to <code>onThrottleInterval</code>. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values. </div>
|
|
</div> <!-- field-items -->
|
|
</div>
|
|
</div>
|
|
++++
|