- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 8.3
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- Alerting and action settings
- APM settings
- Banners settings
- Enterprise Search settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Monitoring settings
- Reporting settings
- Search sessions settings
- Secure settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure logging
- Configure monitoring
- Command line tools
- Production considerations
- Discover
- Dashboard and visualizations
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- APM
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Data views API
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Kibana plugins
- Troubleshooting
- Accessibility
- Release notes
- Developer guide
Get rule types API
editGet rule types API
editRetrieve a list of rule types that the user is authorized to access.
Request
editGET <kibana host>:<port>/api/alerting/rule_types
GET <kibana host>:<port>/s/<space_id>/api/alerting/rule_types
Prerequisites
editIf you have read
privileges for one or more Kibana features, the API response
contains information about the appropriate rule types. For example, there are
rule types associated with the Management > Stack Rules feature,
Analytics > Discover and Machine Learning features, Observability, and
Security features. To get rule types associated with the
Stack Monitoring feature, use the monitoring_user
built-in role.
For more details, refer to Feature privileges.
Description
editEach rule type includes a list of authorized consumer features. For each feature,
users are authorized to perform either read
or all
operations on rules of
that type. This enables you to determine which rule types you can read, create,
or modify. If you want to create or edit a rule in Kibana, some rule types are
limited to specific features and apps.
Path parameters
edit-
space_id
-
(Optional, string) An identifier for the space. If
space_id
is not provided in the URL, the default space is used.
Response body
editEach rule type has the following properties in the API response:
-
action_groups
-
(array of objects) An explicit list of groups for which the rule type can
schedule actions, each with the action group’s unique ID and human readable name.
Rule
actions
validation uses this configuration to ensure that groups are valid. -
action_variables
- (object) A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors.
-
authorized_consumers
- (object) The list of the plugins IDs that have access to the rule type.
-
default_action_group_id
- (string) The default ID for the rule type group.
-
does_set_recovery_context
- (boolean) Indicates whether the rule passes context variables to its recovery action.
-
enabled_in_license
- (boolean) Indicates whether the rule type is enabled or disabled based on the subscription.
-
id
- (string) The unique identifier for the rule type.
-
is_exportable
- (boolean) Indicates whether the rule type is exportable in Stack Management > Saved Objects.
-
minimum_license_required
- (string) The subscriptions required to use the rule type.
-
name
- (string) The descriptive name of the rule type.
-
producer
- (string) An identifier for the application that produces this rule type.
-
recovery_action_group
- (object) An action group to use when an alert goes from an active state to an inactive one.
Response codes
edit-
200
- Indicates a successful call.
Examples
editGET api/alerting/rule_types
For example, if you have read
privileges for the Observability Logs app,
the API returns the following:
[ { "id":"logs.alert.document.count", "name":"Log threshold", "producer":"logs", "enabled_in_license":true, "recovery_action_group":{ "id":"recovered", "name":"Recovered" }, "action_groups":[ { "id":"logs.threshold.fired", "name":"Fired" }, { "id":"recovered", "name":"Recovered" } ], "default_action_group_id":"logs.threshold.fired", "minimum_license_required":"basic", "is_exportable":true, "rule_task_timeout":"5m", "action_variables":{ "context":[ { "name":"timestamp", "description":"UTC timestamp of when the alert was triggered" }, { "name":"matchingDocuments", "description":"The number of log entries that matched the conditions provided" }, { "name":"conditions", "description":"The conditions that log entries needed to fulfill" }, ... ], "state":[], "params":[] }, "authorized_consumers":{ "logs":{"read":true,"all":false}, "alerts":{"read":true,"all":false} }, "does_set_recovery_context":true } ]