Update rule API
Update the attributes for an existing rule.
Request
PUT <kibana host>:<port>/api/alerting/rule/<id>
PUT <kibana host>:<port>/s/<space_id>/api/alerting/rule/<id>
Prerequisites
You must have all privileges for the appropriate Kibana features, depending on the consumer and rule_type_id of the rule you’re updating. For example, the Management > Stack Rules feature, Analytics > Discover and Machine Learning features, Observability, or Security features. If the rule has actions, you must also have read privileges for the Management > Actions and Connectors feature. For more details, refer to Feature privileges.
Description
- This API supports only token-based authentication.
- When you update a rule, it identifies which roles you have at that point in time. Thereafter, when the rule performs queries, it uses those security privileges. If you have different privileges than the user that created or most recently updated the rule, you might change its behavior.
- Though some properties are optional, when you update the rule the existing property values are overwritten with default values. Therefore, it is recommended to explicitly set all property values.
Path parameters
- id: (Required, string) The ID of the rule that you want to update.
- space_id: (Optional, string) An identifier for the space. If space_id is not provided in the URL, the default space is used.
Request body
- actions: (Optional, object array) An array of action objects. The default value is an empty array ([]).
  Properties of the action objects:
  - group: (Required, string) Grouping actions is recommended for escalations for different types of alerts. If you don’t need this, set the value to default.
  - id: (Required, string) The identifier of the action.
  - params: (Required, object) The map to the params that the connector type will receive. The params are handled as Mustache templates and passed a default set of context.
- name: (Required, string) A name to reference and search.
- notify_when: (Required, string) The condition for throttling the notification: onActionGroupChange, onActiveAlert, or onThrottleInterval.
- params: (Required, object) The parameters to pass to the rule type executor params value. This will also validate against the rule type params validator, if defined.
- schedule: (Required, object) When to run this rule. Use one of the available schedule formats.
  Schedule formats
  A schedule uses a key: value format. Kibana currently supports the interval format, which specifies the interval in seconds, minutes, hours, or days at which to run the rule. For example: { "interval": "10s" }, { "interval": "5m" }, { "interval": "1h" }, or { "interval": "1d" }.
- tags: (Optional, string array) A list of keywords to reference and search. The default value is an empty array ([]).
- throttle: (Optional, string) How often this rule should fire the same actions. This will prevent the rule from sending out the same notification over and over. For example, if a rule with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m or 1h will prevent it from sending 90 notifications during this period. The default value is null.
Response codes
- 200: Indicates a successful call.
Examples
Update an index threshold rule with ID ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74:

PUT api/alerting/rule/ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
{
  "notify_when": "onActionGroupChange",
  "params": {
    "index": [".test-index"],
    "timeField": "@timestamp",
    "groupBy": "top",
    "aggType": "avg",
    "timeWindowSize": 5,
    "timeWindowUnit": "m",
    "thresholdComparator": ">",
    "threshold": [1000],
    "aggField": "sheet.version",
    "termField": "name.keyword",
    "termSize": 6
  },
  "schedule": { "interval": "1m" },
  "actions": [],
  "tags": [],
  "name": "new name",
  "throttle": null
}

The API returns the following:

{
  "id": "ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74",
  "consumer": "alerts",
  "tags": [],
  "name": "new name",
  "enabled": true,
  "throttle": null,
  "schedule": { "interval": "1m" },
  "params": {
    "index": [".updated-index"],
    "timeField": "@timestamp",
    "groupBy": "top",
    "aggType": "avg",
    "timeWindowSize": 5,
    "timeWindowUnit": "m",
    "thresholdComparator": ">",
    "threshold": [1000],
    "aggField": "sheet.version",
    "termField": "name.keyword",
    "termSize": 6
  },
  "api_key_owner": "elastic",
  "created_by": "elastic",
  "updated_by": "elastic",
  "rule_type_id": ".index-threshold",
  "scheduled_task_id": "4c5eda00-e74f-11ec-b72f-5b18752ff9ea",
  "created_at": "2022-06-08T17:20:31.632Z",
  "updated_at": "2022-06-09T23:36:36.090Z",
  "notify_when": "onActionGroupChange",
  "mute_all": false,
  "muted_alert_ids": [],
  "execution_status": {
    "status": "ok",
    "last_execution_date": "2022-06-09T23:36:17.332Z",
    "last_duration": 577
  },
  "actions": []
}
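
Because an update overwrites omitted properties with defaults and re-binds the rule to the updating user's privileges, a safe client merges its changes over the current rule before sending the PUT. The following is an added example, not part of the Kibana documentation: the function names, the sample action, the kbn-xsrf and ApiKey Authorization headers, and the use of api_key_owner as the comparison field are assumptions of this sketch.

```python
import json
import urllib.request

# Request-body properties documented on this page; all other fields in a rule
# object (id, consumer, api_key_owner, execution_status, ...) are response-only.
UPDATABLE = ("name", "tags", "schedule", "params", "actions", "throttle", "notify_when")
REQUIRED = ("name", "notify_when", "params", "schedule")
ACTION_KEYS = ("group", "id", "params")
NOTIFY_WHEN = {"onActionGroupChange", "onActiveAlert", "onThrottleInterval"}

def build_update_body(current, changes):
    """Merge changes over the current rule so the PUT sets every property explicitly."""
    unknown = sorted(set(changes) - set(UPDATABLE))
    if unknown:
        raise ValueError(f"not updatable through this API: {unknown}")
    body = {k: current[k] for k in UPDATABLE if k in current}
    body.update(changes)
    missing = [k for k in REQUIRED if k not in body]
    if missing:
        raise ValueError(f"required properties missing: {missing}")
    if body["notify_when"] not in NOTIFY_WHEN:
        raise ValueError(f"invalid notify_when: {body['notify_when']!r}")
    # Send only the documented action properties, dropping response-only extras.
    body["actions"] = [{k: a[k] for k in ACTION_KEYS} for a in body.get("actions", [])]
    return body

def runs_as_new_user(current, updating_user):
    """True when the update would make the rule run with a different user's privileges."""
    return current.get("api_key_owner") != updating_user

def build_request(kibana_url, rule_id, body, api_key, space_id=None):
    """Build, without sending, the PUT request for urllib.request.urlopen()."""
    prefix = f"/s/{space_id}" if space_id else ""
    headers = {"Content-Type": "application/json", "kbn-xsrf": "true",
               "Authorization": f"ApiKey {api_key}"}  # header choice is an assumption
    return urllib.request.Request(f"{kibana_url}{prefix}/api/alerting/rule/{rule_id}",
                                  data=json.dumps(body).encode(), method="PUT", headers=headers)

# Constructed sample: trimmed from the response on this page, plus one constructed action.
SAMPLE = {
    "id": "ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74", "consumer": "alerts", "enabled": True,
    "name": "new name", "tags": [], "throttle": None, "schedule": {"interval": "1m"},
    "params": {"index": [".updated-index"], "threshold": [1000]},
    "notify_when": "onActionGroupChange", "api_key_owner": "elastic",
    "actions": [{"group": "default", "id": "constructed-connector-id",
                 "params": {"message": "constructed"}, "connector_type_id": ".server-log"}],
}
```

Check runs_as_new_user() before sending: a True result means the rule's later queries will run with the privileges of the account making the update rather than those of the previous owner.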