IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Create alert API
Create Kibana alerts.
Request
POST <kibana host>:<port>/api/alerts/alert
Path parameters
<id>
- (Optional, string) Specifies a UUID v1 or v4 to use instead of a randomly generated ID.
Request body
name
- (Required, string) A name to reference and search.
tags
- (Optional, string array) A list of keywords to reference and search.
alertTypeId
- (Required, string) The ID of the alert type that you want to call when the alert is scheduled to run.
schedule
- (Required, object) The schedule specifying when this alert should be run, using one of the available schedule formats specified under Schedule Formats.
  A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.
  We currently support the Interval format, which specifies the interval in seconds, minutes, hours or days at which the alert should execute. Example: { interval: "10s" }, { interval: "5m" }, { interval: "1h" }, { interval: "1d" }. There are plans to support multiple other schedule formats in the near future.
throttle
- (Optional, string) How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of 10m or 1h will prevent it from sending 90 notifications during this period.
notifyWhen
- (Required, string) The condition for throttling the notification: onActionGroupChange, onActiveAlert, or onThrottleInterval.
enabled
- (Optional, boolean) Indicates if you want to run the alert on an interval basis after it is created.
consumer
- (Required, string) The name of the application that owns the alert. This name has to match the Kibana Feature name, as that dictates the required RBAC privileges.
params
- (Required, object) The parameters to pass to the alert type executor params value. This will also validate against the alert type params validator, if defined.
actions
- (Optional, object array) An array of the following action objects.
  Properties of the action objects:
  group
  - (Required, string) Grouping actions is recommended for escalations for different types of alert instances. If you don’t need this, set this value to default.
  id
  - (Required, string) The ID of the action saved object to execute.
  actionTypeId
  - (Required, string) The ID of the action type.
  params
  - (Required, object) The map to the params that the action type will receive. params are handled as Mustache templates and passed a default set of context.
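The request body rules above can be checked on the client before the POST is sent. The following is an added example, not part of the Kibana documentation or code base: `validateCreateAlert` is a hypothetical helper, and it assumes that `throttle` uses the same duration notation as the Interval format.

```javascript
// Added example: checks a create-alert request body against the field rules
// documented above before it is POSTed. validateCreateAlert is a hypothetical name.
const REQUIRED = ["name", "alertTypeId", "schedule", "notifyWhen", "consumer", "params"];
const NOTIFY_WHEN = ["onActionGroupChange", "onActiveAlert", "onThrottleInterval"];
const ACTION_REQUIRED = ["group", "id", "actionTypeId", "params"];
// Interval format: a count followed by s, m, h or d, as in "10s" or "1d".
// Assumption: throttle uses the same notation (the page's examples are 10m and 1h).
const DURATION = /^\d+[smhd]$/;
// Optional <id> path parameter: UUID version 1 or 4.
const UUID_V1_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-[14][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
const isObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

function validateCreateAlert(body, id) {
  if (!isObject(body)) return ["body: must be a JSON object"];
  const errors = [];
  if (id !== undefined && !UUID_V1_V4.test(id)) errors.push("id: must be a UUID v1 or v4");
  for (const key of REQUIRED) if (body[key] == null) errors.push(`${key}: required`);
  for (const key of ["name", "alertTypeId", "consumer"]) {
    if (body[key] != null && typeof body[key] !== "string") errors.push(`${key}: must be a string`);
  }
  if (body.schedule != null && !(isObject(body.schedule) && DURATION.test(body.schedule.interval))) {
    errors.push("schedule: expected an object with an interval such as 5m");
  }
  if (body.notifyWhen != null && !NOTIFY_WHEN.includes(body.notifyWhen)) {
    errors.push("notifyWhen: must be one of " + NOTIFY_WHEN.join(", "));
  }
  if (body.params != null && !isObject(body.params)) errors.push("params: must be an object");
  if (body.throttle != null && !DURATION.test(body.throttle)) errors.push("throttle: not a duration");
  if (body.enabled != null && typeof body.enabled !== "boolean") errors.push("enabled: must be a boolean");
  if (body.tags != null && !(Array.isArray(body.tags) && body.tags.every((t) => typeof t === "string"))) {
    errors.push("tags: must be a string array");
  }
  if (body.actions != null && !Array.isArray(body.actions)) errors.push("actions: must be an array");
  (Array.isArray(body.actions) ? body.actions : []).forEach((action, i) => {
    if (!isObject(action)) return errors.push(`actions[${i}]: must be an object`);
    for (const key of ACTION_REQUIRED) if (action[key] == null) errors.push(`actions[${i}].${key}: required`);
  });
  return errors;
}

// Constructed sample: notifyWhen is missing and one action lacks its id.
const sample = {
  name: "my alert", alertTypeId: ".index-threshold", consumer: "alerts",
  schedule: { interval: "1m" }, params: {},
  actions: [{ group: "default", actionTypeId: ".server-log", params: {} }],
};
console.log(validateCreateAlert(sample)); // [ 'notifyWhen: required', 'actions[0].id: required' ]
```

An empty array means the body satisfies the documented shape; the server still validates `params` against the alert type's own validator and enforces the RBAC privileges tied to `consumer`.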
Response code
200
- Indicates a successful call.
Example
$ curl -X POST api/alerts/alert -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d '
{
  "params": {
    "aggType": "avg",
    "termSize": 6,
    "thresholdComparator": ">",
    "timeWindowSize": 5,
    "timeWindowUnit": "m",
    "groupBy": "top",
    "threshold": [1000],
    "index": [".test-index"],
    "timeField": "@timestamp",
    "aggField": "sheet.version",
    "termField": "name.keyword"
  },
  "consumer": "alerts",
  "alertTypeId": ".index-threshold",
  "schedule": { "interval": "1m" },
  "actions": [
    {
      "id": "dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2",
      "actionTypeId": ".server-log",
      "group": "threshold met",
      "params": {
        "level": "info",
        "message": "alert '{{alertName}}' is active for group '{{context.group}}':\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}\n- Timestamp: {{context.date}}"
      }
    }
  ],
  "tags": ["cpu"],
  "notifyWhen": "onActionGroupChange",
  "name": "my alert"
}'
The API returns the following:
{
  "id": "41893910-6bca-11eb-9e0d-85d233e3ee35",
  "notifyWhen": "onActionGroupChange",
  "params": {
    "aggType": "avg",
    "termSize": 6,
    "thresholdComparator": ">",
    "timeWindowSize": 5,
    "timeWindowUnit": "m",
    "groupBy": "top",
    "threshold": [1000],
    "index": [".kibana"],
    "timeField": "@timestamp",
    "aggField": "sheet.version",
    "termField": "name.keyword"
  },
  "consumer": "alerts",
  "alertTypeId": ".index-threshold",
  "schedule": { "interval": "1m" },
  "actions": [
    {
      "actionTypeId": ".server-log",
      "group": "threshold met",
      "params": {
        "level": "info",
        "message": "alert {{alertName}} is active for group {{context.group}}:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}\n- Timestamp: {{context.date}}"
      },
      "id": "dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2"
    }
  ],
  "tags": ["cpu"],
  "name": "my alert",
  "enabled": true,
  "throttle": null,
  "apiKeyOwner": "elastic",
  "createdBy": "elastic",
  "updatedBy": "elastic",
  "muteAll": false,
  "mutedInstanceIds": [],
  "updatedAt": "2021-02-10T18:03:19.961Z",
  "createdAt": "2021-02-10T18:03:19.961Z",
  "scheduledTaskId": "425b0800-6bca-11eb-9e0d-85d233e3ee35",
  "executionStatus": {
    "lastExecutionDate": "2021-02-10T18:03:19.966Z",
    "status": "pending"
  }
}