github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-28 11:05:39 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/api/osquery-manager/packs/create.asciidoc
natasha-moore-elastic 62e087a8a8
[DOCS] Makes shards optional in Create pack API (#166639) 
## Summary

* Resolves https://github.com/elastic/security-docs/issues/3822.  

* Updates the `shards` object in Create pack API to optional for 8.10.1
and 8.11.0 onwards, per https://github.com/elastic/kibana/pull/166178

* Related to changes made in
https://github.com/elastic/kibana/pull/166363.
2023-09-25 11:38:41 +01:00

98 lines
2 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[[osquery-manager-packs-api-create]]
=== Create pack API
++++
<titleabbrev>Create pack</titleabbrev>
++++
experimental[] Create packs.
[[osquery-manager-packs-api-create-request]]
==== Request
`POST <kibana host>:<port>/api/osquery/packs`
`POST <kibana host>:<port>/s/<space_id>/api/osquery/packs`
[[osquery-manager-packs-api-create-path-params]]
==== Path parameters
`space_id`::
(Optional, string) The space identifier. When `space_id` is not provided in the URL, the default space is used.
[[osquery-manager-packs-api-create-body-params]]
==== Request body
`name`:: (Required, string) The pack name.
`description`:: (Optional, string) The pack description.
`enabled`:: (Optional, boolean) Enables the pack.
`policy_ids`:: (Optional, array) A list of agents policy IDs.
`shards`:: (Optional, object) An object with shard configuration for policies included in the pack. For each policy, set the shard configuration to a percentage (1100) of target hosts.
`queries`:: (Required, object) An object of queries.
[[osquery-manager-packs-api-create-request-codes]]
==== Response code
`200`::
Indicates a successful call.
[[osquery-manager-packs-api-create-example]]
==== Examples
Create a pack:
[source,sh]
--------------------------------------------------
$ curl -X POST api/osquery/packs \
{
"name": "my_pack",
"description": "My pack",
"enabled": true,
"policy_ids": [
"my_policy_id",
"fleet-server-policy"
],
"shards": {
"my_policy_id": 35,
"fleet-server-policy": 58
},
"queries": {
"my_query": {
"query": "SELECT * FROM listening_ports;",
"interval": 60,
"ecs_mapping": {
"client.port": {
"field": "port"
},
"tags": {
"value": [
"tag1",
"tag2"
]
}
}
}
}
}
--------------------------------------------------
// KIBANA
The API returns the pack object:
[source,sh]
--------------------------------------------------
{
"data": {...}
}
--------------------------------------------------
Reference in a new issue View git blame Copy permalink