- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 8.0
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- Alerting and action settings
- APM settings
- Banners settings
- Enterprise Search settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Monitoring settings
- Reporting settings
- Search sessions settings
- Secure settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure logging
- Configure monitoring
- Command line tools
- Production considerations
- Discover
- Dashboard and visualizations
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- APM
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Data views API
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Kibana plugins
- Accessibility
- Release notes
- Developer guide
Update rule API
editUpdate rule API
editUpdate the attributes for an existing rule.
This API supports Token-based authentication only.
Request
editPUT <kibana host>:<port>/api/alerting/rule/<id>
PUT <kibana host>:<port>/s/<space_id>/api/alerting/rule/<id>
Path parameters
edit-
id
- (Required, string) The ID of the rule that you want to update.
-
space_id
-
(Optional, string) An identifier for the space. If
space_id
is not provided in the URL, the default space is used.
Request body
edit-
name
- (Required, string) A name to reference and search.
-
tags
- (Optional, string array) A list of keywords to reference and search.
-
schedule
-
(Required, object) When to run this rule. Use one of the available schedule formats.
Schedule Formats.
A schedule uses a key: value format. Kibana currently supports the Interval format , which specifies the interval in seconds, minutes, hours, or days at which to execute the rule.
Example:
{ interval: "10s" }
,{ interval: "5m" }
,{ interval: "1h" }
,{ interval: "1d" }
. -
throttle
-
(Optional, string) How often this rule should fire the same actions. This will prevent the rule from sending out the same notification over and over. For example, if a rule with a
schedule
of 1 minute stays in a triggered state for 90 minutes, setting athrottle
of10m
or1h
will prevent it from sending 90 notifications during this period. -
notify_when
-
(Required, string) The condition for throttling the notification:
onActionGroupChange
,onActiveAlert
, oronThrottleInterval
. -
params
-
(Required, object) The parameters to pass to the rule type executor
params
value. This will also validate against the rule type params validator, if defined. -
actions
-
(Optional, object array) An array of the following action objects.
Properties of the action objects:
-
group
-
(Required, string) Grouping actions is recommended for escalations for different types of alerts. If you don’t need this, set the value to
default
. -
id
- (Required, string) The ID of the action that saved object executes.
-
params
-
(Required, object) The map to the
params
that the connector type will receive.params
are handled as Mustache templates and passed a default set of context.
-
Response code
edit-
200
- Indicates a successful call.
Example
editUpdate a rule with ID ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
with a different name:
$ curl -X PUT api/alerting/rule/ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 { "notify_when": "onActionGroupChange", "params": { "aggType": "avg", }, "schedule": { "interval": "1m" }, "actions": [], "tags": [], "name": "new name", "throttle": null, }
The API returns the following:
{ "id": "ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74", "notify_when": "onActionGroupChange", "params": { "aggType": "avg", }, "consumer": "alerts", "rule_type_id": "test.rule.type", "schedule": { "interval": "1m" }, "actions": [], "tags": [], "name": "new name", "enabled": true, "throttle": null, "api_key_owner": "elastic", "created_by": "elastic", "updated_by": "elastic", "mute_all": false, "muted_alert_ids": [], "updated_at": "2021-02-10T05:37:19.086Z", "created_at": "2021-02-10T05:37:19.086Z", "scheduled_task_id": "0b092d90-6b62-11eb-9e0d-85d233e3ee35", "execution_status": { "last_execution_date": "2021-02-10T17:55:14.262Z", "status": "ok" } }